[Dovecot] mail_extra_groups and home directory permissions

Joe Cooper joe at virtualmin.com
Wed Oct 25 22:05:00 UTC 2006


Hi all,

I've got a virtual hosting environment, where each user lives in 
/home/domain/homes/user, and the mailbox is Maildir within that 
directory.  I've been running into a permissions problem, because it 
seems Dovecot doesn't get the user's group membership (which seems odd, 
but I'm not confident enough of my comprehension of Dovecot to say 
it looks like a bug).

In short, when Dovecot hits the /home/domain directory which is owned by 
domain:domain and set to 750 permissions, it gets a permission denied, 
despite the user having the needed group membership to traverse these 
directories.

So, in an effort to work around this problem, I came upon the 
mail_extra_groups option, which seems to allow me to drop dovecot into 
additional groups.  If I add the domain group to this list, dovecot is 
able to traverse to the correct directory and all works exactly as I 
want it to with the domain directories being set to 750 permissions. 
Hooray!

My only question, since this is not the documented purpose of this 
option, is:

Is it safe to do this?  Am I opening up some other kind of security 
problem by setting this option to include all domain groups?

Thanks for any thoughts anyone might have on this...
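
The permission check behind the post, modeled as an added example that is not part of the original message or of Dovecot's code: it applies the POSIX directory search test to a 750 domain directory for three group lists, then reports which directories become reachable only through groups the user does not hold. Assumptions: the domain names, uids and gids are constructed, the mail process is taken to run with only the user's uid and primary gid (as the post suspects), and mail_extra_groups is taken to add the listed groups to every mail process.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Dir:
    path: str
    uid: int
    gid: int
    mode: int

@dataclass(frozen=True)
class Creds:
    uid: int
    gid: int                         # primary group
    groups: frozenset = frozenset()  # supplementary groups

def can_search(d, c):
    """POSIX directory search (x) check: the first matching class decides.
    The uid 0 override is left out of this model."""
    if c.uid == d.uid:
        return bool(d.mode & stat.S_IXUSR)
    if c.gid == d.gid or d.gid in c.groups:
        return bool(d.mode & stat.S_IXGRP)
    return bool(d.mode & stat.S_IXOTH)

def cross_domain_reach(dirs, creds, own_groups):
    """Directories searchable only through groups the user does not hold."""
    baseline = Creds(creds.uid, creds.gid, frozenset(own_groups))
    return [d.path for d in dirs
            if can_search(d, creds) and not can_search(d, baseline)]

# Constructed sample data: two hosted domains, directories domain:domain 0750.
A_GID, B_GID = 2001, 2002
DOMAIN_DIRS = [Dir("/home/a.example", 2001, A_GID, 0o750),
               Dir("/home/b.example", 2002, B_GID, 0o750)]
ALICE = 3001  # uid and primary gid of a user in a.example (constructed)

full_login = Creds(ALICE, ALICE, frozenset({A_GID}))           # all of the user's groups
primary_only = Creds(ALICE, ALICE)                             # supplementary groups not loaded
extra_groups = Creds(ALICE, ALICE, frozenset({A_GID, B_GID}))  # every domain group added

if __name__ == "__main__":
    for name, c in [("full_login", full_login), ("primary_only", primary_only),
                    ("extra_groups", extra_groups)]:
        print(name, {d.path: can_search(d, c) for d in DOMAIN_DIRS})
    print("reach beyond own groups:",
          cross_domain_reach(DOMAIN_DIRS, extra_groups, {A_GID}))
```

In this model the 750 boundary between domains holds for a mail process only while its group list matches the user's own membership.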

