Hi,
I got no reply about this, so I thought I'd just follow up...
On Tue, Jan 15, 2013 at 11:33:08PM +0000, Tim Marston wrote:
> Would it be acceptable to setgid the dovecot executable and change its
> group to "mail" (i.e., chgrp mail dovecot and chmod g+s dovecot)? Would
> this pose some kind of security risk? Would this actually do what I
> want, or am I missing a bigger picture?
Just to confirm, doing the following fixed the problem for me:
  # chgrp mail /usr/bin/dovecot
  # chmod g+s /usr/bin/dovecot
I am still able to use IMAP normally, and I am now also able to set up mutt with the following:
set tunnel="ssh -q mailhost '/usr/sbin/dovecot --exec-mail imap'"
My INBOX is no longer occasionally read-only, and I no longer get the following error in /var/log/mail.err:
Jan 22 08:48:59 mailhost IMAP(user): : file_dotlock_create(/var/mail/user) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /var/mail) (set mail_privileged_group=mail)
I would still like confirmation from a dovecot dev that it is OK to set up dovecot this way. Any comments?
Kind regards,
-- Tim Marston ed.am
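
An added check, not part of the original message: it reports whether a binary is setgid to the group that owns the spool directory and whether that directory is group-writable, which is the condition the "missing +w perm: /var/mail" error names. The function name `check_setgid_spool` is hypothetical; the paths in the usage comment are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Dovecot code).
# Usage: check_setgid_spool /usr/sbin/dovecot /var/mail
# Run it against the binary path that the ssh tunnel command actually executes.
# Returns 0 if every check passes, 1 if any check fails, 2 if a path is missing.
check_setgid_spool() {
    bin=$1
    spool=$2
    [ -f "$bin" ] || { echo "missing binary: $bin"; return 2; }
    [ -d "$spool" ] || { echo "missing spool directory: $spool"; return 2; }
    rc=0

    # ls -ldnL: follow symlinks, numeric ids; fields are "mode links uid gid ..."
    read -r bin_mode x1 x2 bin_gid x3 <<EOF
$(ls -ldnL "$bin")
EOF
    read -r spool_mode x1 x2 spool_gid x3 <<EOF
$(ls -ldnL "$spool")
EOF

    # 1. The set-group-ID bit must be present on the binary.
    if [ -g "$bin" ]; then
        echo "ok: $bin is setgid (gid $bin_gid)"
    else
        echo "fail: $bin is not setgid"; rc=1
    fi

    # 2. The binary's group must be the group that owns the spool directory.
    if [ "$bin_gid" = "$spool_gid" ]; then
        echo "ok: binary group matches spool group (gid $spool_gid)"
    else
        echo "fail: binary gid $bin_gid, spool gid $spool_gid"; rc=1
    fi

    # 3. The spool must be group-writable (6th character of the mode string).
    case $spool_mode in
        ?????w*) echo "ok: $spool is group-writable ($spool_mode)" ;;
        *) echo "fail: $spool lacks group +w ($spool_mode)"; rc=1 ;;
    esac

    # 4. A setgid binary should be writable by its owner only.
    case $bin_mode in
        ?????w*|????????w*) echo "fail: $bin is group/other-writable ($bin_mode)"; rc=1 ;;
        *) echo "ok: $bin is writable by its owner only ($bin_mode)" ;;
    esac
    return $rc
}
```
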