On 22.1.2013, at 21.44, Tim Marston <tim@ed.am> wrote:
On Tue, Jan 15, 2013 at 11:33:08PM +0000, Tim Marston wrote:
Would it be acceptable to setgid the dovecot executable and change it's group to "mail" (i.e.,
chgrp mail dovecot
andchmod g+s dovecot
)? Would this pose some kind of security risk? Would this actualy do what I want, or am I missing a bigger picture?Just to confirm, doing the following fixed the problem for me:
# chgrp mail /usr/bin/dovecot # chmod g+s /usr/bin/dovecot
I am still able to use IMAP normally, and I am now also able to set up mutt with the following:
You've now basically given any user ability to run any process with mail group privileges.
My INBOX in no longer occasionally read-only, and I no longer get the following error in /var/log/mail.err:
Jan 22 08:48:59 mailhost IMAP(user): : file_dotlock_create(/var/mail/user) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /var/mail) (set mail_privileged_group=mail)
Other possibilities:
a) Deliver mails elsewhere than /var/mail/ (under each user's home dir)
b) Don't use dotlocking: mbox_write_locks = fcntl
c) Make /var/mail/ 01777 permissions