[Dovecot] mail_extra_groups and home directory permissions
Gerard Seibert
gerard at seibercom.net
Thu Oct 26 00:26:25 UTC 2006
On Wednesday October 25, 2006 at 05:05:00 (PM) Joe Cooper wrote:
> I've got a virtual hosting environment, where each user lives in
> /home/domain/homes/user, and the mailbox is Maildir within that
> directory. I've been running into a permissions problem, because it
> seems Dovecot doesn't get the users group membership (which seems odd,
> but I'm not confident enough of my comprehension of Dovecot to call say
> it looks like a bug).
>
> In short, when Dovecot hits the /home/domain directory which is owned by
> domain:domain and set to 750 permissions, it gets a permission denied,
> despite the user having the needed group membership to traverse these
> directories.
>
> So, in an effort to work around this problem, I came upon the
> mail_extra_groups option, which seems to allow me to drop dovecot into
> additional groups. If I add the domain group to this list, dovecot is
> able to traverse to the correct directory and all works exactly as I
> want it to with the domain directories being set to 750 permissions.
> Hooray!
>
> My only question, since this is not the documented purpose of this
> option, is:
>
> Is it safe to do this? Am I opening up some other kind of security
> problem by setting this option to include all domain groups?
>
> Thanks for any thoughts anyone might have on this...
I was having a problem similar to yours. I ended up giving the
/var/mail/vhosts/domain/{$user} directory '1777' permissions to get
dovecot to operate on it. I will give your idea a try though.
--
Gerard
More information about the dovecot
mailing list