dovecot - Aug 2009 - Operation not permitted

Hi all,

Slowly but surely moving forward, I hope...
I get the following error (in the maillog file) after I've installed 
Managesieve:
*Aug 13 10:13:52 li73-31 dovecot: deliver(andre at 
paranoidandroid.co.za): Fatal: setgid(501(paranoidandroid)) failed with 
euid=104(vmail), gid=106(vmail), egid=106(vmail): Operation not permitted*

/Does anybody know what this means and how to fix it?/

Don't know if it has anything to do with sieve (I've changed the 
/usr/etc/dovecot.conf file from mail_plugins = cmusieve to mail_plugins 
= sieve)

My config is below:

dovecot config:
----------------------
# 1.2.1: /usr/etc/dovecot.conf
# OS: Linux 2.6.18.8-x86_64-linode1 x86_64 CentOS release 5.3 (Final)
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/pki/paranoidandroidCA/server.crt
ssl_key_file: /etc/pki/paranoidandroidCA/server.key
login_dir: /usr/var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
 mechanisms: plain login cram-md5 ntlm
 passdb:
  driver: sql
  args: /etc/dovecot/dovecot_sql_passdb.conf
 userdb:
  driver: sql
  args: /etc/dovecot/dovecot_sql_userdb.conf
 socket:
  type: listen
  client:
    path: /var/spool/postfix/private/auth
    mode: 432
    user: postfix
    group: postfix
  master:
    path: /usr/var/run/dovecot/auth-master
    mode: 384
    user: vmail

postfix config:
--------------------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost
mydomain = paranoidandroid.co.za
myhostname = mail.paranoidandroid.co.za
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_limit = 500
smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_alias_maps = 
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /
virtual_mailbox_domains = 
proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = 
proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot

master.cf:
-------------
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relayshowq     unix  n       -       n       -       -      
showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
dovecot   unix  -       n       n       -       -       pipe flags=DRhu 
user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}

On Aug 14, 2009, at 9:01 AM, Andr? Labuschagn? wrote:
> *Aug 13 10:13:52 li73-31 dovecot: deliver(andre at  
> paranoidandroid.co.za): Fatal: setgid(501(paranoidandroid)) failed  
> with euid=104(vmail), gid=106(vmail), egid=106(vmail): Operation not  
> permitted*
This means that you start deliver as vmail:vmail (which I guess is  
intended), but userdb lookup says that this user should have GID  
paranoidandroid. So deliver tries to change the proces's GID, but  
isn't allowed to because it's not running as root.
> userdb:
> driver: sql
> args: /etc/dovecot/dovecot_sql_userdb.conf
What do you have in user_query? Is it intended that different users  
have different gids (and maybe uids)?