Minor patches for builds against ancient platforms
M. Balridge
dovecot at r.paypc.com
Wed Jun 14 01:00:39 EEST 2017
Timo Sirainen inscribed:
> Have you set mbox_very_dirty_syncs=yes? That should be helpful.
Oh, that sounded like a risky option.
I do have mbox_dirty_syncs enabled.
Are there still "safety checks" with the extra down-and-dirty sync option?
Joseph Tam-a-lyne wrote:
> doveadm user $user
>
> which will supply the second half: it will spit out the UID, GID, home
> and mail directories of a user as specified by dovecot's
> configuration.
Yes, that outputs the UID/GID/location of user mail, which can feed a
tool to audit and/or change directory permissions to conform to
expectations.
> This is a consequence of writing secure software: it employs least
> privilege so that a fault will not result in someone being able to
> mess around with someone else's mail (or indices). GID can also
> governaccess to shared mailboxes.
Sure, sure, I understand the notion, as I aspire towards "least
privilege necessary" designs in my own software. In this case, it seemed
that the software was throwing an error when it failed to do something
most unprivileged processes cannot do: change the group ownership of an
object to a group of which you're not a member.
I would certainly want log entries, sure... but an outright failure when
ownership/u+ permissions are otherwise supportive of the operation in
question?
I appreciate the fact my questions (and Piltdown Box) are probably
noising up your list, and yet you're still both giving me the time of day.
My thanks, once again,
=M=
More information about the dovecot
mailing list