[Dovecot] Dovecot v1.2 share user Maildir problems with %%h
Timo Sirainen
tss at iki.fi
Wed Jun 17 19:32:43 EEST 2009
On Wed, 2009-06-17 at 16:38 +0200, Steffen Kaiser wrote:

> I've copied the default mail_location and changed its CONTROL and INDEX
> settings:
>
> namespace shared {
> ...

What does this "..." contain? :) Like prefix, separator?

> a) IMAP insists on connecting to $install_prefix/var/run/dovecot/auth-master
> instead of /var/run/dovecot/auth-master used by deliver.

It connects to base_dir/var/run/dovecot/ where base_dir is the setting
in dovecot.conf.

> b) This socket needs to be r/w for every user, which is a security risk as
> mentioned in the conf and the default permission is 0600.

It allows looking up userdb data, which is pretty similar to being able
to do cat /etc/passwd. So not a huge security risk, but..

> For deliver I changed the socket attr to permission 0660 and group=mail;
> for making %%h work I added mail_access_groups=mail

I would have used a different group than "mail", since it's often used
by the system for other things too.

> There had been a suggestion of a special user-shared namespace a while
> back. How about adding the base location in the shared-mailboxes.db? So
> instead of "1" the value is the base of the shared location, e.g.
> maildir:/local/testuser or maildir:/home/user/Maildir..., and some %%?
> token takes the string from there. Because the path is known from the db
> now, the other problems mentioned above no longer apply.

And when the path is changed in userdb, it points to a wrong location.
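
The socket permission states discussed in this message (0600 default, 0660 with a group, readable and writable by every user) can be checked with a small audit script. This is an added example, not part of the original message and not Dovecot code; the function names, the finding labels and the `SHARED_GROUPS` set are assumptions made for illustration.

```python
import grp
import os
import stat

# Assumption: groups considered "used by the system for other things too".
SHARED_GROUPS = frozenset({"mail", "users", "staff"})


def group_name(gid):
    """Resolve a gid to a name, falling back to the number if unmapped."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit_auth_socket(path, shared_groups=SHARED_GROUPS):
    """Return findings for the socket's permission bits and owning group."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not-a-socket"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # r/w for "other": any local user can query userdb through the socket.
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("world-accessible")
    # r/w for the group: exposure depends on who else is in that group.
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append("group-accessible")
        if group_name(st.st_gid) in shared_groups:
            findings.append("shared-group")
    return findings


if __name__ == "__main__":
    import socket
    import tempfile

    # Constructed demo: a throwaway socket stands in for auth-master.
    demo = os.path.join(tempfile.mkdtemp(), "auth-master")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(demo)
    for m in (0o600, 0o660, 0o666):
        os.chmod(demo, m)
        print(oct(m), audit_auth_socket(demo))
    srv.close()
```

On a real system, pass the path of the auth-master socket under the configured base_dir; an empty list means only the owner can use the socket.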