On Tue, 2008-03-04 at 08:35 +0200, Timo Sirainen wrote:
> mail_extra_groups=mail setting is often used insecurely to give Dovecot access to create dotlocks to /var/mail directory. If you don't use mboxes in /var/mail, make sure this setting is cleared.
> If you do use /var/mail mboxes and Dovecot gives permission errors without it, do one of the following (in the preferred order):

Yup, still using /var/mail mboxes. A fact I didn't get around to change yet.

> a) Upgrade to v1.0.11 and use the new mail_privileged_group setting instead of mail_extra_groups.

Just did so on my personal, local IMAP server, and now I get these:

# tail -n 1 /var/log/mail/errors
Mar 4 19:13:32 delta dovecot: IMAP(guenther): open(/var/spool/mail/.temp.delta.32268.d6ed77a67d018ba9) failed: Permission denied

# ls -ld /var/mail /var/spool/mail
lrwxrwxrwx 1 root root 10 Mar 27 2007 /var/mail -> spool/mail/
drwxrwsr-t 2 root mail 1024 Mar 4 19:17 /var/spool/mail/

> b) Make /var/mail sticky and world-writable (chmod 01777 /var/mail) and clear mail_extra_groups setting.

Yeah, 'chmod o+w /var/spool/mail' worked around the permission errors for now. But this shouldn't be necessary, right?
guenther
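
The permission cases discussed in this message, as an added example that is not part of the original thread or of Dovecot: a small shell audit that maps the spool directory's octal mode to option a) or b) from the quoted advisory. The function names are hypothetical, and audit_spool_dir assumes a `stat` that supports `-c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# classify_spool_mode OCTAL_MODE
# Prints which permission case an mbox spool directory falls into.
classify_spool_mode() {
    m=$((0$1))                 # leading 0 makes the shell read it as octal
    other_w=$(( m & 0002 ))    # write bit for "other"
    group_w=$(( m & 0020 ))    # write bit for the owning group
    sticky=$(( m & 01000 ))    # sticky bit (the "t" in ls output)

    if [ "$other_w" -ne 0 ] && [ "$sticky" -ne 0 ]; then
        # Option b): everyone may create files, but only a file's owner
        # (or the directory owner/root) may delete or rename it.
        echo "sticky-world-writable"
    elif [ "$other_w" -ne 0 ]; then
        # Without the sticky bit any local user can delete or rename
        # other users' files in the directory.
        echo "world-writable-no-sticky"
    elif [ "$group_w" -ne 0 ]; then
        # Only members of the owning group can create lock/temp files,
        # which is the case option a) (mail_privileged_group) addresses.
        echo "group-writable-only"
    else
        echo "owner-only"
    fi
}

# audit_spool_dir DIR
# Reads mode and group of DIR and prints the classification.
# -L follows a symlink such as /var/mail -> spool/mail/.
audit_spool_dir() {
    mode=$(stat -L -c '%a' "$1") || return 1
    group=$(stat -L -c '%G' "$1") || return 1
    echo "$1 mode=$mode group=$group -> $(classify_spool_mode "$mode")"
}

# Stand-alone use: pass the spool directory as the first argument.
if [ $# -gt 0 ]; then
    audit_spool_dir "$1"
fi
```

Mode 3775 corresponds to the `drwxrwsr-t` listing shown above, 3777 to the same directory after `chmod o+w`, and 1777 to option b).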