[Dovecot] 1.2.3 - fchown failed messages
Axel Thimm
Axel.Thimm at ATrpms.net
Thu Aug 6 21:00:45 EEST 2009
Hi,
On Tue, Aug 04, 2009 at 08:00:42PM -0400, Timo Sirainen wrote:
> On Tue, 2009-08-04 at 19:53 -0400, Rob Mangiafico wrote:
> > > What permissions does /var/spool/mail/john have? I guess mail group has
> > > read permissions? Just removing that should fix the error.
> >
> > -rw-rw---- 1 john mail 5676767 Aug 4 19:50 /var/spool/mail/john
> >
> > Those are the default permissions that sendmail uses I believe. Not sure
> > if removing "mail" group r/w would have any other impact for
> > sendmail/procmail? Thanks for taking the time to help.
>
> It depends on your setup, but usually mail group shouldn't need read or
> write access to users' mails. Seems like a security risk to me in any
> case.
I think that's the standard setup on Red Hat/CentOS/Fedora boxes. User
mboxes are by default owned by <user>:mail with 0660, while the
spooldir is owned root:mail with 0775
# useradd abc123
# ls -ltrAd /var/spool/mail{,/abc123}
-rw-rw---- 1 abc123 mail 0 2009-08-06 19:44 /var/spool/mail/abc123
drwxrwxr-x. 2 root mail 4096 2009-08-06 19:44 /var/spool/mail
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20090806/2edbf121/attachment.bin
More information about the dovecot
mailing list