[Dovecot] Securing mailboxes and passwords

Daniel Aleksandersen aleksandersen+dovecot at runbox.com
Wed Feb 25 01:25:51 EET 2009


Sent: Wed, 25 Feb 2009 00:09:10 +0100
From: Pascal Volk
> On 24.02.2009 23:54 Daniel Aleksandersen wrote:
> > I have tried different options on my maildirs. Dovecot gives me permission errors
> > unless I set it to 775. I have seen that many mention 660 as the best permission
> > setting for maildirs when used in setups similar to my own. Can anyone explain
> > why my maildir must be executable and accessible to everyone?
> 
> No, they must not be accessible for everyone, only for the user that
> owns the maildir. For example:
> 
> el-negro 70014 # ll -d Maildir
> drwx------ 21 70014 70002 4096 2009-02-24 19:36 Maildir
> el-negro 70014 # ll -d Maildir/.INBOX.Lists.Dovecot
> drwx------ 5 70014 70002 4096 2009-02-24 23:56 Maildir/.INBOX.Lists.Dovecot
> el-negro 70014 # ll Maildir/.INBOX.Lists.Dovecot/cur/1235516104.M562448P18642.el-negro\,W\=3966\:2\,Sa 
> -rw------- 1 70014 70002 3886 2009-02-24 23:55 Maildir/.INBOX.Lists.Dovecot/cur/1235516104.M562448P18642.el-negro,W=3966:2,Sa
> 
> But this may require a root-setuid deliver binary, when using
> multiple virtual UIDs. See http://wiki.dovecot.org/LDA#multipleuids
The recipe assumes I have a group called secmail. I don’t. Am I supposed to create
a special group for this purpose?
-- 
Daniel
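
The following is an added example, not part of either message: a shell function that audits a Maildir tree against the owner-only modes in the quoted listing (directories 0700, message files 0600). It also flags directories whose owner lacks the search (x) bit, which a directory needs before anything inside it can be opened. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Maildir tree against the owner-only layout shown in
# the quoted listing (directories 0700, message files 0600).

# audit_maildir ROOT
# Prints one finding per line and returns 1 if any were found.
#   EXPOSED  <path>  group or others hold at least one permission bit
#   UNUSABLE <path>  directory whose owner lacks r, w or x; without x (search)
#                    the owner cannot open anything inside it, so a directory
#                    set to 660 produces permission errors
audit_maildir() {
    root=$1
    # find cannot descend into a directory it may not search; the directory
    # itself is still reported, so the resulting errors are discarded.
    findings=$(
        {
            find "$root" ! -type l \
                 \( -perm -040 -o -perm -020 -o -perm -010 \
                 -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/EXPOSED /'
            find "$root" -type d ! -perm -700 -print | sed 's/^/UNUSABLE /'
        } 2>/dev/null
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample DIR: build a constructed test tree (not data from the thread).
make_sample() {
    d=$1
    mkdir -p "$d/good/cur" "$d/open/cur" "$d/noexec/cur"
    : > "$d/good/cur/msg1"; : > "$d/open/cur/msg2"; : > "$d/noexec/cur/msg3"
    chmod 600 "$d/good/cur/msg1" "$d/open/cur/msg2" "$d/noexec/cur/msg3"
    chmod 700 "$d" "$d/good" "$d/good/cur" "$d/noexec/cur"
    chmod 775 "$d/open" "$d/open/cur"   # the mode from the question
    chmod 660 "$d/noexec"               # a file mode applied to a directory
}
```

Run it as `audit_maildir /path/to/Maildir`; a clean tree prints nothing and returns 0.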

