[Dovecot] mail_extra_groups and home directory permissions
Joe Cooper
joe at virtualmin.com
Wed Oct 25 22:05:00 UTC 2006
Hi all,
I've got a virtual hosting environment, where each user lives in
/home/domain/homes/user, and the mailbox is Maildir within that
directory. I've been running into a permissions problem, because it
seems Dovecot doesn't get the users group membership (which seems odd,
but I'm not confident enough of my comprehension of Dovecot to call say
it looks like a bug).
In short, when Dovecot hits the /home/domain directory which is owned by
domain:domain and set to 750 permissions, it gets a permission denied,
despite the user having the needed group membership to traverse these
directories.
So, in an effort to work around this problem, I came upon the
mail_extra_groups option, which seems to allow me to drop dovecot into
additional groups. If I add the domain group to this list, dovecot is
able to traverse to the correct directory and all works exactly as I
want it to with the domain directories being set to 750 permissions.
Hooray!
My only question, since this is not the documented purpose of this
option, is:
Is it safe to do this? Am I opening up some other kind of security
problem by setting this option to include all domain groups?
Thanks for any thoughts anyone might have on this...
More information about the dovecot
mailing list