On 8/2/2011 2:32 PM, Thomas Harold wrote:
On 8/1/2011 8:43 PM, Stephan Bosch wrote:
On 8/1/2011 10:11 PM, Thomas Harold wrote:
How do you compile global scripts using the sievec command without
making the script directory owned (and group writable) by the vmail
user?
http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage
# cd /etc/dovecot/sieve/before/
# (edit some script like spam.sieve that runs for everyone)
# /usr/local/bin/sievec spam.sieve spam.svbin
sievec(root): Error: sieve: binary save: failed to create temporary
file: open(spam.svbin.hostname.26921.) in directory
/etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail)
egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is
not dir owner)
Why are you executing sievec as vmail in the first place? You should be
able to run it as root or any other user you use to manage global sieve
scripts.
Sorry, I may not have been clear before, I am trying to run sievec as
root. So the error is confusing to me because it looks like sievec is
trying to drop privs and do the compile as the vmail user. I haven't
done anything special to the sievec file (like making it run as vmail
or always run as root, SELinux is in permissive mode until I gather up
enough entries in the audit log to make an audit2allow run useful).
# ls -la /usr/local/bin
-rwxr-xr-x 1 root root 123989 Aug 1 12:25 sievec
-rwxr-xr-x 1 root root 119415 Aug 1 12:25 sieve-dump
-rwxr-xr-x 1 root root 133592 Aug 1 12:25 sieve-test
What versions of Dovecot (obviously v2.0+) and Pigeonhole are you using
and what is your config (show dovecot -n output) ?
I suspect there may be a bug.
Regards,
Stephan.
