[Dovecot] Problem with created ~/mail directory
Chris Adams
cmadams at hiwaay.net
Fri Feb 5 19:20:59 EET 2010
If a user doesn't have a ~/mail directory and logs in, the directory is
created for them. However, it is created with insecure permissions,
0770 (full group access).
The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:
#define CREATE_MODE 0770 /* umask() should limit it more */
The code then uses CREATE_MODE as an argument to mkdir_parents(), but
mkdir_parents() overrides the umask setting and forces the requested
permissions. There's no way to override this except to change the
source code.
It looks like the same thing is in dbox-storage.c and cydir-storage.c.
This is with Dovecot 1.2.10.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the dovecot
mailing list