Hello,

I'm running dovecot in a classical vmail.vmail setup with pigeonhole and LMTP. Permission worked well in the initial setup but currently (maybe after Fedora 22 update) I'm having the following permission issue:

lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied (euid=9999(vmail) egid=9999(vmail) missing +r perm: /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned by 0:0 mode=0755)
lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary save: failed to create temporary file: open(/etc/dovecot/sieve_after.svbin.myserver.mydomain.15838.) failed: Permission denied (euid=9999(vmail) egid=9999(vmail) missing +w perm: /etc/dovecot, dir owned by 0:0 mode=0755)
lmtp(root): Error: 7fPZFOL9wFXePQAABcdcbc: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/etc/dovecot/sieve_after.sieve' need to be pre-compiled using the sievec tool

rpm -V dovecot dovecot-pigeonhole
doesn't report any permission issues

Versions:
dovecot-2.2.18-2.fc22.x86_64
dovecot-pigeonhole-2.2.18-2.fc22.x86_64

Relevant config parts:
mail_gid = vmail
mail_uid = vmail

plugin {
  sieve = ~/.dovecot.sieve
  sieve_after = /etc/dovecot/sieve_after.sieve
  sieve_dir = ~/sieve
}

ls -lad /etc/dovecot/
drwxr-xr-x. 3 root root 4096 Jul 30 18:13 /etc/dovecot/
ls -la /etc/dovecot/*sieve*
-rwxr-x--- 1 vmail vmail 288 Aug 8 2014 /etc/dovecot/sieve_after.sieve
-rw-r----- 1 root root 355 Jul 30 18:13 /etc/dovecot/sieve_after.svbin

What are the recommended permissions for the files/directories (also for root service startup of dovecot)?
Did something change in permissions management?

Thanx.

Ciao,
Gerhard

--
http://www.wiesinger.com/

On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:

>
> I'm running dovecot in a classical vmail.vmail setup with pigeonhole and
> LMTP. Permission worked well in the initial setup but currently (maybe after
> Fedora 22 update) I'm having the following permission issue:
>
> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to
> open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied
> (euid=9999(vmail) egid=9999(vmail) missing +r perm:
> /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned by 0:0
> mode=0755)

Did you honor the error log and add the read permission for the vmail user, which most likely means:

chmod a+r /etc/dovecot/sieve_after.svbin

> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary save: failed to
> create temporary file:
> open(/etc/dovecot/sieve_after.svbin.myserver.mydomain.15838.) failed:
> Permission denied (euid=9999(vmail) egid=9999(vmail) missing +w perm:
> /etc/dovecot, dir owned by 0:0 mode=0755)
> lmtp(root): Error: 7fPZFOL9wFXePQAABcdcbc: sieve: The LDA Sieve plugin does
> not have permission to save global Sieve script binaries; global Sieve
> scripts like `/etc/dovecot/sieve_after.sieve' need to be pre-compiled using
> the sievec tool

Did you compile the script manually as described in the error log?

>
> rpm -V dovecot dovecot-pigeonhole
> doesn't report any permission issues
>
> Versions:
> dovecot-2.2.18-2.fc22.x86_64
> dovecot-pigeonhole-2.2.18-2.fc22.x86_64
>
> Relevant config parts:
> mail_gid = vmail
> mail_uid = vmail
>
> plugin {
> sieve = ~/.dovecot.sieve
> sieve_after = /etc/dovecot/sieve_after.sieve
> sieve_dir = ~/sieve
> }
>
> ls -lad /etc/dovecot/
> drwxr-xr-x. 3 root root 4096 Jul 30 18:13 /etc/dovecot/
> ls -la /etc/dovecot/*sieve*
> -rwxr-x--- 1 vmail vmail 288 Aug 8 2014 /etc/dovecot/sieve_after.sieve
> -rw-r----- 1 root root 355 Jul 30 18:13 /etc/dovecot/sieve_after.svbin
>
> What are the recommended permissions for the files/directories (also for
> root service startup of dovecot)?
> Did something change in permissions management?

--
Steffen Kaiser

On 05.08.2015 13:06, Steffen Kaiser wrote:
> On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:
>
>>
>> I'm running dovecot in a classical vmail.vmail setup with pigeonhole
>> and LMTP. Permission worked well in the initial setup but currently
>> (maybe after Fedora 22 update) I'm having the following permission
>> issue:
>>
>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed
>> to open: open(/etc/dovecot/sieve_after.svbin) failed: Permission
>> denied (euid=9999(vmail) egid=9999(vmail) missing +r perm:
>> /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned
>> by 0:0 mode=0755)
>
> Did you honor the error log and add the read permission for the
> vmail user, which most likely means:
>
> chmod a+r /etc/dovecot/sieve_after.svbin
>

Yes, I read it but I didn't like to give read permissions for all. Isn't there a better designed solution available?
Nevertheless it works by setting the read permissions for all ...

>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary save: failed
>> to create temporary file:
>> open(/etc/dovecot/sieve_after.svbin.myserver.mydomain.15838.) failed:
>> Permission denied (euid=9999(vmail) egid=9999(vmail) missing +w perm:
>> /etc/dovecot, dir owned by 0:0 mode=0755)
>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdcbc: sieve: The LDA Sieve
>> plugin does not have permission to save global Sieve script binaries;
>> global Sieve scripts like `/etc/dovecot/sieve_after.sieve' need to be
>> pre-compiled using the sievec tool
>
> Did you compile the script manually as described in the error log?
>

Yes, I did, but it didn't work because of the missing read permissions for all.

Ciao,
Gerhard

--
http://www.wiesinger.com/
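
On the question of avoiding `chmod a+r`: the log shows delivery running with egid vmail, so group ownership plus mode 0640 grants that read access without opening the files to every local user. The script below is an added example, not part of the thread or of Dovecot; its function names are hypothetical and it assumes the `vmail` group from the posted config.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: delivery runs with egid "vmail", as the quoted log shows.

# Give group $1 read-only access to the remaining arguments and clear every
# "other" bit. File owners are left unchanged.
grant_group_read() {
    group=$1; shift
    for f in "$@"; do
        chgrp "$group" "$f" || return 1
        chmod u=rw,g=r,o= "$f" || return 1
    done
}

# Succeed only if file $2 belongs to group $1, is group-readable and carries
# no "other" permission bits. Reads the same mode string that ls printed in
# the thread (e.g. -rw-r-----).
is_group_only() {
    set -- "$1" $(ls -ld -- "$2" 2>/dev/null)
    # now: $1=wanted group  $2=mode string  $5=group owning the file
    case $2 in
        ????r??---*) [ "$5" = "$1" ] ;;
        *) return 1 ;;
    esac
}

# Print every global Sieve file in directory $2 that group $1 cannot read
# under that rule, or that is still open to "other".
audit_sieve_dir() {
    for f in "$2"/*.sieve "$2"/*.svbin; do
        [ -e "$f" ] || continue
        is_group_only "$1" "$f" || printf '%s\n' "$f"
    done
}

# Typical use as root, after compiling the script with sievec:
#   grant_group_read vmail /etc/dovecot/sieve_after.sieve /etc/dovecot/sieve_after.svbin
#   audit_sieve_dir vmail /etc/dovecot    # prints nothing when all is well
```

After the change the listing for the binary should read `-rw-r----- 1 root vmail`, in place of the `root root` ownership that produced the "missing +r perm" error.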