Re: Sieve permissions issue following update [solved]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 11 Dec 2014, David Gessel wrote: and watching the logs: dovecot: lda(ges...@blackrosetech.com): sieve: msgid=: stored mail into mailbox 'INBOX' Success! :-) The permissions correction portion of the error below still seems wrong though, isn't it? And if so, a little misleading. Dec 9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) Well, the error is not wrong by itself. An user gets a new message, in order to run the user's Sieve script, the LDA must load the sieve_before script. This is out-of-sync currently, because of the upgrade, and hence must be re-compiled and its binary form storred there. One could argue, if: a) in case of failure the binary should be written somewhere else, e.g. a temporary location and re-compiled each time a message arrives, or into the user's home dir, or ... The current way tells the admin, that something is wrong. b) sieve_before/after scripts chould be textually merged with user's scripts and storred as one combined binary in the user's directory. A change of a global script would impact all user scripts then, a message to everyone would require quite a bit CPU. Does it seem reasonable to let the port maintainer know to submit a request to include instructions in /usr/ports/UPDATING for recompiling global scripts when necessary (and how to do it)? I checked before posting to the list and the last entry for sieve is this one: You could file a bug report in your distro's bug tracking software. If these are standard locations - I mean, you did not changed the paths to point somewhere else -, the upgrade should recompile shared Sieve scripts. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBVIlrdHz1H7kL/d9rAQLYBAf/bzt+3OLt6f236hd4N8fWOjo6dXJ5Cc5X EJOHKcyMeHIzVSl2GkM6ckKkfRuIIjmK5DW3h36JhaIx7wh2nQJZnNPj0xCub6hK 4xE/HRoqfpnhW36Z5XvPZc656N8ut+gx0phnHxk11K1iV8kPHQsNy29d9213UWVP yoVzaVLMBHYBRSMGIpU+10MRiSfFAbBce4mBWZ5Dt0bSUHXs5cDGRnRwH7HAvr6l k2xeBmLf4oME7Y6/Ja75CWcHnnMlTMCp4J//zfHQnsrV7nFjEMiESU8MH3Z0IXqL z4t9MVRdGWb17Sa4W22/LdainnxFcSKWR4dGX6bNu6qYLdApKXHzkQ== =4TlD -END PGP SIGNATURE-
Re: Sieve permissions issue following update [solved]
Original Message Subject: Re: Sieve permissions issue following update From: Steffen Kaiser To: David Gessel Date: Wed Dec 10 2014 09:52:57 GMT+0300 (Arabic Standard Time) > > Actually this "ls" output and the last sentence does not indicate that the > Sieve script had been compiled: a) after changing 10-move-spam.sieve _and_ b) > after the upgrade with the new Sieve tools. Good point. > > Did _you_ _manually_ run: > > cd /usr/local/etc/dovecot/sieve > rm 10-move-spam.svbin Ut oh... I did not rm the existing svbin. > sievec -D 10-move-spam.sieve > > ? And, is the sievec command displaying the Pigeonhole version you have > installed? And the -D directive is very useful, thanks: # rm 10-move-spam.svbin # sievec -D 10-move-spam.sieve sievec(gessel): Debug: sieve: Pigeonhole version 0.4.6 (3e924b1b6c5c+) initializing sievec(gessel): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. sievec(gessel): Debug: sieve: file storage: Using script storage path: 10-move-spam.sieve sievec(gessel): Debug: sieve: file script: Opened script `10-move-spam' from `10-move-spam.sieve' sievec(gessel): Debug: sieve: Script `10-move-spam' from 10-move-spam.sieve successfully compiled and watching the logs: dovecot: lda(ges...@blackrosetech.com): sieve: msgid=: stored mail into mailbox 'INBOX' Success! The permissions correction portion of the error below still seems wrong though, isn't it? And if so, a little misleading. Dec 9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775) Does it seem reasonable to let the port maintainer know to submit a request to include instructions in /usr/ports/UPDATING for recompiling global scripts when necessary (and how to do it)? I checked before posting to the list and the last entry for sieve is this one: 20090828: AFFECTS: users of mail/dovecot and mail/dovecot-sieve AUTHOR: y...@coolrat.org dovecot-sieve has been updated to a new implementation compatible with dovecot 1.2.x. For details of what this means please refer to: http://wiki.dovecot.org/LDA/Sieve/Dovecot#Migration_from_CMUSieve