[Dovecot] Mail location security
Steffen Kaiser
skdovecot at smail.inf.fh-brs.de
Thu Feb 6 07:29:37 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 5 Feb 2014, Roman Gelfand wrote:
> I am not sure I understood this issue correctly... When using maildir
> with ie ldap. Suppose ldap attribute settings say gid 8 and uid 999,
> Those are the permissions for every email address. If so, someone who
> has access to one email user on the server, has access to all. If
> this is so, is using mailbox instead of maildir resolve this problem?
If all users have the same uid and gid, there is no difference which mail
storage format you use, as long as the security is concerned. You need to
make sure, that no user may accidently or purposefully gain access to
another userś files. Actually, using the same ids will help you, if you
want to _purposefully_ share files to another user ;-)
So: Do not let your users telnet, ftp, ssh, or whatever to your host, but
restrict any access to IMAP, POP3, ManageSieve and other protocols, where
you control which files they have access to.
Please understand: The uid/gid stuff applies to the plain Unix file
permissions, no more no less. No IMAP ACLs, ... .
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUvM54XD1/YhP6VMHAQI4FAf/etsweHGV7+km/ARF+LvZiYT4pIjFg7rF
KuKfWLH5SMdm4k1MxA6sZ6Yl9QLX1FUl/np7VT1bFNxvDBQy1DJsT3+Sid5a69/i
3SVPAUbQnliMBlqOIltpV8qgDQJg9UGdSBbcVUj1yV2Y0muwo+jW357gspg+CFGA
bT/wbYKT/hqzS05X43dT4tzr6EjS6/lsPOX/XBSL1raCc5pSI/1OT+aGobs0ybMg
SmlSkUjF1IsbHQ5oKz48AV4sdA/gGsdLgZxlsQOMfEFkJWoqMFqw3mxCU+wxzdo3
BnQOACDpVwP+bciucxmbDdhqAkzVe6TDqt9RYJfxfbBSs4S+59DY8A==
=Dgct
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list