dovecot-1.0: Added a warning comment to mail_extra_groups.
dovecot at dovecot.org
dovecot at dovecot.org
Sat Feb 16 16:24:05 EET 2008
details: http://hg.dovecot.org/dovecot-1.0/rev/e72aea9fc807
changeset: 5517:e72aea9fc807
user: Timo Sirainen <tss at iki.fi>
date: Sat Feb 16 16:24:35 2008 +0200
description:
Added a warning comment to mail_extra_groups.
diffstat:
1 file changed, 3 insertions(+)
dovecot-example.conf | 3 +++
diffs (13 lines):
diff -r e2b802b27bad -r e72aea9fc807 dovecot-example.conf
--- a/dovecot-example.conf Fri Feb 15 13:23:20 2008 +0200
+++ b/dovecot-example.conf Sat Feb 16 16:24:35 2008 +0200
@@ -254,6 +254,9 @@
# Grant access to these extra groups for mail processes. Typical use would be
# to give "mail" group write access to /var/mail to be able to create dotlocks.
+# WARNING: If your users can create symlinks, this will allow the users to
+# read any files that are group-readable by one of these groups! Make sure at
+# least all the common mailboxes have 0600 permissions (or a different group).
#mail_extra_groups =
# Allow full filesystem access to clients. There's no access checks other than
More information about the dovecot-cvs
mailing list