On Wed, 2009-06-17 at 16:38 +0200, Steffen Kaiser wrote:
> I've copied the default mail_location and changed its CONTROL and INDEX settings:
> namespace shared { ...

What does this "..." contain? :) Like prefix, separator?

> a) IMAP insists on connecting to $install_prefix/var/run/dovecot/auth-master instead of /var/run/dovecot/auth-master used by deliver.

It connects to base_dir/var/run/dovecot/ where base_dir is the setting in dovecot.conf.

> b) This socket needs to be r/w for every user, which is a security risk as mentioned in the conf and the default permission is 0600.

It allows looking up userdb data, which is pretty similar to being able to do cat /etc/passwd. So not a huge security risk, but..

> For deliver I changed the socket attr to permission 0660 and group=mail; for making %%h work I added mail_access_groups=mail

I would have used a different group than "mail", since it's often used by the system for other things too.

> There had been a suggestion of a special user-shared namespace a while back. How about adding the base location in the shared-mailboxes.db? So instead of "1" the value is the base of the shared location, e.g. maildir:/local/testuser or maildir:/home/user/Maildir..., and some %%? token takes the string from there. Because the path is known from the db now, the other problems mentioned above no longer apply.

And when the path is changed in userdb, it points to a wrong location.
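
The socket permission trade-off discussed above (0600 default, 0660 with a group, or readable and writable by every user) can be checked mechanically. The following is an added example, not part of the original mail or of Dovecot: the function names, the finding strings and the throwaway socket created in a temporary directory are assumptions made for illustration.

```python
import grp
import os
import socket
import stat
import tempfile

# Assumption: groups the system also uses for other things (the reply names "mail").
SHARED_GROUPS = {"mail"}

def classify(mode, group_name):
    """Return findings for a socket's permission bits and owning group name."""
    findings = []
    if mode & 0o006:
        findings.append("world-accessible: any local user can query userdb")
    if mode & 0o060:
        findings.append("group-accessible: " + group_name)
        if group_name in SHARED_GROUPS:
            findings.append("group is shared with other system uses")
    return findings

def audit_socket(path):
    """Stat a UNIX socket such as auth-master and classify its access."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not a socket"]
    try:
        group_name = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group_name = str(st.st_gid)  # gid with no name entry
    return classify(stat.S_IMODE(st.st_mode), group_name)

def demo(mode):
    """Create a constructed stand-in for auth-master, set its mode, audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "auth-master")
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            s.bind(path)
            os.chmod(path, mode)
            return audit_socket(path)
        finally:
            s.close()

if __name__ == "__main__":
    for m in (0o600, 0o660, 0o666):
        print(oct(m), demo(m))
```

To audit a real installation, call `audit_socket()` on the auth-master path under the configured base_dir.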