On 10/05/2010 07:35 PM, Timo Sirainen wrote:
On 6.10.2010, at 0.26, David Ford wrote:
it's a bug in dovecot to assume a) the user wants this gid change even without setgid, and b) that it can change the gid to an arbitrary value of a parent directory.
other software runs as <something>:net-mail, and its use and operation is not applicable to this discussion. mode 0700 is not functional for this group of software and mode 0770 is too lax.
Your situation seems like a very special case that probably doesn't exist just about anywhere else. Unless someone can give me a specific use case for this that can't be solved nicely some other way, I'm not changing Dovecot's behavior.
what is the purpose in dovecot assuming that it should set a gid other than the userid:gid it's operating under?
security minded folks make explicit permissions on directories to prevent software from errantly setting loose ownership which might lead to unintended information leakage or unauthorized access by other software. the directory is not setgid, programs should not attempt to give away ownership unless directed to.
consider /tmp. it would be onerous to write files in /tmp and attempt to set the group ownership to root. currently, about 40% of the files and directories under /var are set to <x>:<x> where /var is owned by root:root.
it's simply bad practice to give away ownership unless there is a reason for it, and a common vector for exploitation.
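An added example, not part of the original message and not Dovecot's code: a small audit that lists entries carrying their parent directory's group although the parent is not setgid and the group is not the owner's primary group. It assumes Linux semantics (a new file gets the creating process's group unless the parent is setgid); the names `gid_given_away` and `audit` are hypothetical, and a hit is a lead to review, since an owner may have changed the group on purpose.

```python
import os
import pwd
import stat
from typing import Callable, Iterator, NamedTuple, Optional


class Finding(NamedTuple):
    path: str
    uid: int
    gid: int
    parent_gid: int


def gid_given_away(uid: int, gid: int, parent_gid: int,
                   parent_mode: int, primary_gid: Optional[int]) -> bool:
    """True when an entry has its parent's group without the parent asking for it."""
    if parent_mode & stat.S_ISGID:
        return False              # setgid parent: inheritance was requested
    if primary_gid is None or gid == primary_gid:
        return False              # unknown owner, or the owner's own group
    return gid == parent_gid      # group copied from a non-setgid parent


def system_primary_gid(uid: int) -> Optional[int]:
    """Primary group of uid from the passwd database, None if the uid is unknown."""
    try:
        return pwd.getpwuid(uid).pw_gid
    except KeyError:
        return None


def audit(root: str,
          primary_gid_of: Callable[[int], Optional[int]] = system_primary_gid
          ) -> Iterator[Finding]:
    """Walk root without following symlinks and yield suspicious entries."""
    for dirpath, dirnames, filenames in os.walk(root):
        parent = os.lstat(dirpath)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if gid_given_away(st.st_uid, st.st_gid, parent.st_gid,
                              parent.st_mode, primary_gid_of(st.st_uid)):
                yield Finding(path, st.st_uid, st.st_gid, parent.st_gid)


if __name__ == "__main__":
    import sys
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f.path}: uid={f.uid} gid={f.gid} (parent gid {f.parent_gid}, not setgid)")
```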