[Dovecot] Feature request for maildir style boxes
David Ford
david at blue-labs.org
Wed Oct 6 02:09:40 EEST 2010
On 10/05/2010 06:44 PM, Timo Sirainen wrote:
> On 5.10.2010, at 23.38, David Ford wrote:
>
>> net-mail group is used by sendmail, procmail, dovecot, and additional
>> programs that read/write in the user's mail directory.
> Can you give some specific examples?
>
i did. sendmail accesses .forward or aliasing files, procmail does
delivery, dovecot does read/write for imap, pine reads and writes and
webmail cgi reads and writes or uses imap.
>> drwxr-x--- david net-mail /home/david/.maildir
>> drwx------ david david /home/david/.maildir/cur
> Do new/ and tmp/ directories then have netmail-rx so mails can be delivered? What about non-INBOX mailboxes? Or what exactly is the point of not just making .maildir/ 0700? Or if new/ dir is g+rw, is it important that cur/ directory isn't?
>
new/ and tmp/ are set to david:david 0700 as cur/ is, as well as all
non-INBOX. .maildir cannot be 0700 because programs that don't run as
the same userid but only as the group id cannot then access the .maildir
directory. it's not important that they have access to files below the
top level mail store. procmail issues an error when writing in tmp/ as
well.

~/.maildir/ is not setgid because i don't want files forced to the
net-mail group. dovecot is taking it upon itself to do so anyway.
that's nice and all, but not desired and the directory permissions
aren't set for this policy. to be technical, it's unexpected. i want
my email files to be set to david:david, not david:other-group. dovecot
should not assume that the gid should be set differently from my user's gid.

the group permissions are set for read/exec in this directory for this
group, the minimum needed for all the daemons to play nicely with each
other, and with the user.
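
The layout described in this message, as an added example that is not part of the original post: a Python audit that checks a maildir for a 0750 top-level directory without setgid, 0700 directories below it, and entries below the top level whose group differs from the owner's. The function names and the sample directory are constructed for illustration.

```python
import os
import stat
import tempfile

SUBDIRS = ("cur", "new", "tmp")

def mode_findings(name, mode, top):
    """Compare one directory's mode bits with the layout described in the post."""
    perms = stat.S_IMODE(mode)
    out = []
    if top:
        # Top level: group may read/traverse, but setgid must stay off.
        if perms & stat.S_ISGID:
            out.append(f"{name}: setgid set, new files are forced to the directory's group")
        if perms & 0o777 != 0o750:
            out.append(f"{name}: mode {perms & 0o777:04o}, expected 0750")
    elif perms != 0o700:
        out.append(f"{name}: mode {perms:04o}, expected 0700")
    return out

def audit_maildir(root, owner_gid):
    """Walk a maildir; report mode deviations and entries not in the owner's group."""
    findings = mode_findings(".", os.lstat(root).st_mode, top=True)
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                findings += mode_findings(rel, st.st_mode, top=False)
            # Only entries below the top level are expected to carry the owner's gid.
            if st.st_gid != owner_gid:
                findings.append(f"{rel}: gid {st.st_gid}, expected {owner_gid}")
    return findings

def build_sample(base):
    """Constructed sample: 0750 top-level directory with 0700 cur/, new/, tmp/."""
    root = os.path.join(base, ".maildir")
    os.mkdir(root)
    for sub in SUBDIRS:
        os.mkdir(os.path.join(root, sub))
        os.chmod(os.path.join(root, sub), 0o700)
    os.chmod(root, 0o750)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        root = build_sample(base)
        print(audit_maildir(root, os.lstat(root).st_gid) or "layout matches")
```
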