Hello, I am updating dovecot, from Debian Stretch to Buster, and I have an issue with the managesieve service:> Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: > connect(login) in directory / failed: Permission denied > (euid=120(<getpwuid() error>) egid=128(<getgrgid() error>) missing +x > perm: /, we're not in group 127, dir owned by 0:127 mode=0770) > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: > connect(login) in directory / failed: Permission denied > (euid=120(<unknown>) egid=128(<unknown>) missing +x perm: /, we're > not in group 127, dir owned by 0:127 mode=0770)The two folders I found with these permissions are /run/dovecot/login and /run/dovecot/token-login. Both folders belongs to root:dovecot If I change the permissions of the following folders, like this: chmod 0775 /run/dovecot/login chmod 0775 /run/dovecot/token-login Then, dovecot managesieve is working, but this is just a test, I suppose the service should run with a specific user? Do you have any idea on what is wrong here? If I restart dovecot, I have an error message that states the permissions are wrong, and they are set again to 0770 Thanks, Andr? Rodier
On Sat, 2020-03-28 at 15:14 +0000, Andr? Rodier wrote:> Hello, > > I am updating dovecot, from Debian Stretch to Buster, and I have an > issue with the managesieve service: > > > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: > > connect(login) in directory / failed: Permission denied > > (euid=120(<getpwuid() error>) egid=128(<getgrgid() error>) missing > > +x > > perm: /, we're not in group 127, dir owned by 0:127 mode=0770) > > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: > > connect(login) in directory / failed: Permission denied > > (euid=120(<unknown>) egid=128(<unknown>) missing +x perm: /, we're > > not in group 127, dir owned by 0:127 mode=0770) > > The two folders I found with these permissions are /run/dovecot/login > and /run/dovecot/token-login. > Both folders belongs to root:dovecot > > If I change the permissions of the following folders, like this: > > chmod 0775 /run/dovecot/login > chmod 0775 /run/dovecot/token-login > > Then, dovecot managesieve is working, but this is just a test, I > suppose the service should run with a specific user? > > Do you have any idea on what is wrong here? > > If I restart dovecot, I have an error message that states the > permissions are wrong, and they are set again to 0770 > > Thanks, > Andr? Rodier >Hi again, I can fix it by using this:> service managesieve-login { > inet_listener sieve { > port = 4190 > } > > # Run as an unprivileged user > group = dovecot > user = dovecot > } >Is it the right setting in term of security? Thanks again, Andr?
Hi, if i remember right there are several path changes in 90-sieve.conf. did you check this? --- Original Nachricht --- Betreff:?Re: managesieve user Von:?"Andr? Rodier" An:?"dovecot" Datum:?28-03-2020 16:29 On Sat, 2020-03-28 at 15:14 +0000, Andr? Rodier wrote:> Hello, > > I am updating dovecot, from Debian Stretch to Buster, and I have an > issue with the managesieve service: > > > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error:auth:> > connect(login) in directory / failed: Permission denied > > (euid=120() egid=128() missing > > +x > > perm: /, we're not in group 127, dir owned by 0:127 mode=0770) > > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error:auth:> > connect(login) in directory / failed: Permission denied > > (euid=120() egid=128() missing +x perm: /, we're > > not in group 127, dir owned by 0:127 mode=0770) > > The two folders I found with these permissions are/run/dovecot/login> and /run/dovecot/token-login. > Both folders belongs to root:dovecot > > If I change the permissions of the following folders, like this: > > chmod 0775 /run/dovecot/login > chmod 0775 /run/dovecot/token-login > > Then, dovecot managesieve is working, but this is just a test, I > suppose the service should run with a specific user? > > Do you have any idea on what is wrong here? > > If I restart dovecot, I have an error message that states the > permissions are wrong, and they are set again to 0770 > > Thanks, > Andr? Rodier >Hi again, I can fix it by using this:> service managesieve-login { >?? inet_listener sieve { >???? port = 4190 >?? } > >?? # Run as an unprivileged user >?? group = dovecot >?? user = dovecot > } >Is it the right setting in term of security? Thanks again, Andr? -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20200328/313e0ec7/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: logo_ik.png Type: image/png Size: 8696 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20200328/313e0ec7/attachment-0001.png>