Re: Maildir permissions on creation?
Yes, and it is not my use case, sadly. ACLs are meant for imap, not filesystem access and mail_access_groups is also useless for some reason. It just does not change anything. Probably because I don't use mail_location and variables when I provide path for home. (It's stored as is in a database on mailbox creation.)
26.12.2014, 12:07, "Tobi" tobster@brain-force.ch:
Have you checked the dovecot wiki for 'filepermissions in shared mailboxes'? Explains how dovecot sets ACL when creating mailboxes
On 26 December 2014 09:37:37 CET, Von Random von@vdrandom.org wrote:
Err, my bad, of course 0640 on files in case of setgid on directories.
The main reason is that I don't want to provide backup user with unnecessary write permissions within maildirs and mail user within backup logs dir. I was talking about mail_user:mail_group 0750 on dirs and 0640 on files. (Or, possibly, mail_user:backup_group 2750 and 2640.)
26.12.2014, 11:19, "Tobi" tobster@brain-force.ch:
What's the reason you do not want to use default dovecot user? Your idea would assume that at least the group must have write access. For me a no-go on mailboxes.
On 24 December 2014 13:21:15 CET, Von Random von@vdrandom.org wrote:
Hello.
In my configuration dovecot reads home from mysql and uses no variables within it. It uses Maildir++ storage with virtual users. I also happen to use LMTP.
I want to use a backup solution that does not involve running itself as root. Neither do I want to run it as dovecot's mail user.
And there lies the problem: dovecot creates maildirs with 0700 and files within them inherit that set of permissions. And there seems to be no sane way to control it. I think I've figured out what to patch in order to change that default, but if possible, I'd like to avoid doing that.
26.12.2014, 11:36, "Von Random" von@vdrandom.org:
tl;dr: is it possible to change the default set of permissions for new maildirs created by dovecot?
--
This message was sent from my Android mobile phone with K-9 Mail.
On Fri, 26 Dec 2014, Von Random wrote:
Yes, and it is not my use case, sadly. ACLs are meant for imap, not filesystem access and mail_access_groups is also useless for some reason. It just does not change anything. Probably because I don't use mail_location and variables when I provide path for home. (It's stored as is in a database on mailbox creation.)
I think Tobi means this page: http://wiki2.dovecot.org/SharedMailboxes/Permissions
There you see from which directory filesystem permissions are copied on creation.
26.12.2014, 12:07, "Tobi" tobster@brain-force.ch:
Have you checked the dovecot wiki for 'filepermissions in shared mailboxes'? Explains how dovecot sets ACL when creating mailboxes
On 26 December 2014 09:37:37 CET, Von Random von@vdrandom.org wrote:
Err, my bad, of course 0640 on files in case of setgid on directories.
The main reason is that I don't want to provide backup user with unnecessary write permissions within maildirs and mail user within backup logs dir. I was talking about mail_user:mail_group 0750 on dirs and 0640 on files. (Or, possibly, mail_user:backup_group 2750 and 2640.)
26.12.2014, 11:19, "Tobi" tobster@brain-force.ch:
What's the reason you do not want to use default dovecot user? Your idea would assume that at least the group must have write access. For me a no-go on mailboxes.
On 24 December 2014 13:21:15 CET, Von Random von@vdrandom.org wrote:
Hello.
In my configuration dovecot reads home from mysql and uses no variables within it. It uses Maildir++ storage with virtual users. I also happen to use LMTP.
I want to use a backup solution that does not involve running itself as root. Neither do I want to run it as dovecot's mail user.
And there lies the problem: dovecot creates maildirs with 0700 and files within them inherit that set of permissions. And there seems to be no sane way to control it. I think I've figured out what to patch in order to change that default, but if possible, I'd like to avoid doing that.
26.12.2014, 11:36, "Von Random" von@vdrandom.org:
tl;dr: is it possible to change the default set of permissions for new maildirs created by dovecot?
--
This message was sent from my Android mobile phone with K-9 Mail.
Steffen Kaiser
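An added example, not part of any post in this thread: a shell audit that checks a Maildir tree against the layout discussed above (directories 0750 or 2750, files 0640, so a backup group can read but never write). The function names `audit_maildir`, `count_violations` and `build_sample`, and the sample message file, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Maildir tree against the layout from the thread
# (dirs 0750 or 2750, files 0640). Names and sample data are constructed.

# audit_maildir ROOT -> one "reason<TAB>path" line per violation
audit_maildir() {
    root=$1
    # Neither the group nor others may write inside the maildir.
    find "$root" \( -perm -020 -o -perm -002 \) \
        -exec printf 'writable\t%s\n' {} \;
    # Others get no read or traverse access at all.
    find "$root" \( -perm -004 -o -perm -001 \) \
        -exec printf 'world-access\t%s\n' {} \;
    # The backup group needs r-x on directories and r on files;
    # a 0700 directory or 0600 file shows up here.
    find "$root" -type d ! -perm -050 \
        -exec printf 'group-cannot-traverse\t%s\n' {} \;
    find "$root" -type f ! -perm -040 \
        -exec printf 'group-cannot-read\t%s\n' {} \;
}

# count_violations ROOT -> number of violation lines
count_violations() {
    audit_maildir "$1" | wc -l | tr -d ' '
}

# build_sample DIR -> constructed Maildir with the intended modes
build_sample() {
    mkdir -p "$1/cur" "$1/new" "$1/tmp"
    msg="$1/cur/1419600000.M1P1.host:2,S"
    printf 'Subject: constructed sample\n\nbody\n' > "$msg"
    chmod 0750 "$1" "$1/cur" "$1/new" "$1/tmp"
    chmod 0640 "$msg"
}

# Stand-alone use: sh audit.sh /path/to/Maildir
if [ "$#" -gt 0 ]; then
    audit_maildir "$1"
fi
```

Run it as the mail user so that `find` can descend into directories that are still 0700.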
participants (2)
- Steffen Kaiser
- Von Random