[Dovecot] mail_extra_groups and home directory permissions

Gerard Seibert gerard at seibercom.net
Thu Oct 26 00:26:25 UTC 2006


On Wednesday October 25, 2006 at 05:05:00 (PM) Joe Cooper wrote:

> I've got a virtual hosting environment, where each user lives in 
> /home/domain/homes/user, and the mailbox is Maildir within that 
> directory.  I've been running into a permissions problem, because it 
> seems Dovecot doesn't get the user's group membership (which seems odd, 
> but I'm not confident enough of my comprehension of Dovecot to say 
> it looks like a bug).
> 
> In short, when Dovecot hits the /home/domain directory which is owned by 
> domain:domain and set to 750 permissions, it gets a permission denied, 
> despite the user having the needed group membership to traverse these 
> directories.
> 
> So, in an effort to work around this problem, I came upon the 
> mail_extra_groups option, which seems to allow me to drop dovecot into 
> additional groups.  If I add the domain group to this list, dovecot is 
> able to traverse to the correct directory and all works exactly as I 
> want it to with the domain directories being set to 750 permissions. 
> Hooray!
> 
> My only question, since this is not the documented purpose of this 
> option, is:
> 
> Is it safe to do this?  Am I opening up some other kind of security 
> problem by setting this option to include all domain groups?
> 
> Thanks for any thoughts anyone might have on this...

I was having a problem similar to yours. I ended up giving the
/var/mail/vhosts/domain/{$user} directory '1777' permissions to get
dovecot to operate on it. I will give your idea a try though.

-- 
Gerard
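
The traversal failure and both workarounds in this thread can be modelled with the standard POSIX search-permission check. This is an added example, not code from either poster or from Dovecot; the numeric IDs and the ownership of the intermediate directories are constructed, and the process is assumed to run with the user's UID and only the groups listed.

```python
import stat
from typing import NamedTuple, Optional

class Dir(NamedTuple):
    path: str
    uid: int   # owner
    gid: int   # owning group
    mode: int  # permission bits

def can_search(d: Dir, uid: int, groups: set) -> bool:
    """POSIX picks exactly one permission class: owner, else group, else other."""
    if uid == 0:
        return True                      # root bypasses directory search checks
    if uid == d.uid:
        return bool(d.mode & stat.S_IXUSR)
    if d.gid in groups:
        return bool(d.mode & stat.S_IXGRP)
    return bool(d.mode & stat.S_IXOTH)

def first_blocked(chain, uid, groups) -> Optional[str]:
    """Return the first directory the process cannot traverse, or None."""
    for d in chain:
        if not can_search(d, uid, groups):
            return d.path
    return None

def world_writable(chain):
    """Directories where any local account may create entries (sticky or not)."""
    return [d.path for d in chain if d.mode & stat.S_IWOTH]

# Constructed IDs: user=5001 (primary group 5001), domain=6000.
USER, DOMAIN = 5001, 6000
HOME_CHAIN = [
    Dir("/home", 0, 0, 0o755),
    Dir("/home/domain", DOMAIN, DOMAIN, 0o750),        # as described in the post
    Dir("/home/domain/homes", DOMAIN, DOMAIN, 0o750),  # assumed same as parent
    Dir("/home/domain/homes/user", USER, USER, 0o700),
]
VHOST_CHAIN = [Dir("/var/mail/vhosts/domain/user", USER, USER, 0o1777)]

if __name__ == "__main__":
    print(first_blocked(HOME_CHAIN, USER, {USER}))          # primary group only
    print(first_blocked(HOME_CHAIN, USER, {USER, DOMAIN}))  # domain group added
    print(world_writable(VHOST_CHAIN))
```

The 1777 directory is reported by `world_writable` because that mode gives every local account write access to it; the sticky bit only restricts deleting or renaming entries owned by someone else.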

