Once upon a time, Timo Sirainen <tss@iki.fi> said:
> On Fri, 2010-02-05 at 11:20 -0600, Chris Adams wrote:
> > If a user doesn't have a ~/mail directory and logs in, the directory is created for them. However, it is created with insecure permissions, 0770 (full group access).
> > The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:
> > #define CREATE_MODE 0770 /* umask() should limit it more */
>
> Fixed: http://hg.dovecot.org/dovecot-1.2/rev/99caf87fb3ce
> Also v2.0 handles this by copying the parent directory's permissions.
I'm not sure that copying the parent directory's permissions is the correct thing in all cases. Children of the home directory (e.g. ~/mail, ~/sieve) may need to be handled as a special case.
For example, I have a server that handles mail, web, and shell accounts for a number of users. Since it handles web for the users, they have ~/public_html, and their home directory has to have at least world-execute for ~/public_html to be visible. However, that doesn't mean that ~/mail should also have world-execute.
I can create ~/mail and ~/sieve with 0700 perms, but some users (which do dumb things all the time) will at some point delete one or both of those directories. Then the next time Dovecot needs one, it would copy home directory perms, which are at a minimum 0701.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
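The permission outcomes discussed in this thread, as an added example that is not part of the original message and is not Dovecot's code: it creates directories under a scratch "home" with mode 0701 and reports the resulting bits for the quoted `CREATE_MODE` under two umasks, for a parent-copying policy, and for a fixed 0700. The function names, the `/tmp` scratch path and the umask values are assumptions chosen for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define CREATE_MODE 0770 /* value quoted in the thread */

/* mkdir(path, mode) under umask `mask`; returns the resulting permission bits, or -1. */
static int make_dir(const char *path, mode_t mode, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);          /* the umask is the only thing limiting `mode` */
    int ret = mkdir(path, mode);
    umask(old);
    return (ret < 0 || stat(path, &st) < 0) ? -1 : (int)(st.st_mode & 0777);
}

/* Hypothetical parent-copying policy: the child gets the parent's permission bits. */
static int make_dir_like_parent(const char *parent, const char *path)
{
    struct stat st;
    return stat(parent, &st) < 0 ? -1 : make_dir(path, st.st_mode & 0777, 0);
}

/* Runs the four cases in a constructed scratch "home" (0701); returns 0 on success. */
int run_cases(int out[4])
{
    char home[] = "/tmp/homeXXXXXX", p[4][64];
    if (mkdtemp(home) == NULL || chmod(home, 0701) < 0)
        return -1;
    for (int i = 0; i < 4; i++)
        snprintf(p[i], sizeof p[i], "%s/dir%d", home, i);
    out[0] = make_dir(p[0], CREATE_MODE, 022);  /* group keeps r-x */
    out[1] = make_dir(p[1], CREATE_MODE, 002);  /* group keeps rwx */
    out[2] = make_dir_like_parent(home, p[2]);  /* inherits world-execute */
    out[3] = make_dir(p[3], 0700, 002);         /* owner-only regardless of umask */
    for (int i = 0; i < 4; i++)
        rmdir(p[i]);
    return rmdir(home);
}

int main(void)
{
    int m[4];
    if (run_cases(m) < 0)
        return 1;
    printf("%04o %04o %04o %04o\n", m[0], m[1], m[2], m[3]);
    return 0;
}
```

Only the last case is independent of both the process umask and the home directory's own mode.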