Timo Sirainen inscribed:
Have you set mbox_very_dirty_syncs=yes? That should be helpful.
Oh, that sounded like a risky option.
I do have mbox_dirty_syncs enabled.
Are there still "safety checks" with the extra down-and-dirty sync option?
Joseph Tam-a-lyne wrote:
doveadm user $user
which will supply the second half: it will spit out the UID, GID, home and mail directories of a user as specified by dovecot's configuration.
Yes, that outputs the UID/GID/location of user mail, which can feed a tool to audit and/or change directory permissions to conform to expectations.
This is a consequence of writing secure software: it employs least privilege so that a fault will not result in someone being able to mess around with someone else's mail (or indices). GID can also governaccess to shared mailboxes.
Sure, sure, I understand the notion, as I aspire towards "least privilege necessary" designs in my own software. In this case, it seemed that the software was throwing an error when it failed to do something most unprivileged processes cannot do: change the group ownership of an object to a group of which you're not a member.
I would certainly want log entries, sure... but an outright failure when ownership/u+ permissions are otherwise supportive of the operation in question?
I appreciate the fact my questions (and Piltdown Box) are probably noising up your list, and yet you're still both giving me the time of day.
My thanks, once again, =M=