[Dovecot] some Maildir files not honoring dovecot-shared
I'm using RC15 on Solaris 9. The wiki indicates that when a dovecot-shared file exists, "Dovecot uses the same permissions and GID when it creates index files, dovecot-uidlist file, new mail files, etc." In my case, Dovecot *is* creating new index files based on dovecot-shared, but dovecot-uidlist and individual message files don't completely match the permissions/group template. Specifically, dovecot-uidlist isn't taking the group from dovecot-uidlist, and individual messages files don't seem to be honoring dovecot-shared at all (group or permissions).
Here's an example; every file and directory below in .abusetest-in was created by Dovecot *except* for dovecot-shared (I let Dovecot create cur, new, tmp just to see what it would do, but I know that I can create and fix the group and permissions on these directories myself in a sharing situation):
glenn@tony:~/Maildir/.abusetest-in$ ls -lR .: total 34 drwx------ 2 glenn adm 512 Jan 9 09:58 cur/ -rwxrwx--- 1 glenn abuse 0 Jan 9 09:57 dovecot-shared* -rw-rw---- 1 glenn adm 44 Jan 9 09:58 dovecot-uidlist -rw-rw---- 1 glenn abuse 156 Jan 9 09:58 dovecot.index -rw-rw---- 1 glenn abuse 10272 Jan 9 09:58 dovecot.index.cache -rw-rw---- 1 glenn abuse 156 Jan 9 09:58 dovecot.index.log drwx------ 2 glenn adm 512 Jan 9 09:58 new/ drwx------ 2 glenn adm 512 Jan 9 09:58 tmp/
./cur: total 4 -rw------- 2 glenn adm 1438 Jan 5 09:59 1168354728.P15661Q0M891161.tony:2,S
./new: total 0
./tmp: total 0 glenn@tony:~/Maildir/.abusetest-in$
I see in the RC16 release notes that there was a fix for the dovecot-keywords file, but it doesn't mention these other files. Is this a bug, or am I misunderstanding how the dovecot-shared file should work?
Thanks very much, Glenn
-- Glenn Leavell <glenn@usg.edu> Office of Information and Instructional Technology Board of Regents of the University System of Georgia
On Tue, Jan 09, 2007 at 10:15:58AM -0500, Glenn Leavell wrote:
I'm using RC15 on Solaris 9. The wiki indicates that when a dovecot-shared file exists, "Dovecot uses the same permissions and GID when it creates index files, dovecot-uidlist file, new mail files, etc." In my case, Dovecot *is* creating new index files based on dovecot-shared, but dovecot-uidlist and individual message files don't completely match the permissions/group template. Specifically, dovecot-uidlist isn't taking the group from dovecot-uidlist, and individual messages files don't seem to be honoring dovecot-shared at all (group or permissions).
I don't know if the following is related to the above, but I thought I'd include it here just in case. After setting umask = 0007 in dovecot.conf, dovecot-uidlist, dovecot.index, and dovecot.index.log are not created with the new mask; however, the maildir parent directory, cur, new, tmp, and the maildirfolder file *are* created with the new mask:
$ ls -l total 12 drwxrwx--- 2 glenn adm 512 Jan 10 01:37 cur/ -rw------- 1 glenn adm 44 Jan 10 01:37 dovecot-uidlist -rw------- 1 glenn adm 120 Jan 10 01:37 dovecot.index -rw------- 1 glenn adm 24 Jan 10 01:37 dovecot.index.log -rw-rw---- 1 glenn adm 0 Jan 10 01:37 maildirfolder drwxrwx--- 2 glenn adm 512 Jan 10 01:37 new/ drwxrwx--- 2 glenn adm 512 Jan 10 01:37 tmp/
I'm experimenting with using the umask setting for shared folders. In the case of sharing, won't the index files, etc. need to be readable by the sharing group as well?
Thanks, Glenn
-- Glenn Leavell <glenn@usg.edu> Office of Information and Instructional Technology Board of Regents of the University System of Georgia
On Wednesday 10 January 2007 06:54, Glenn Leavell wrote:
I don't know if the following is related to the above, but I thought I'd include it here just in case. After setting umask = 0007 in dovecot.conf, dovecot-uidlist, dovecot.index, and dovecot.index.log are not created with the new mask; however, the maildir parent directory, cur, new, tmp, and the maildirfolder file *are* created with the new mask:
$ ls -l total 12 drwxrwx--- 2 glenn adm 512 Jan 10 01:37 cur/ -rw------- 1 glenn adm 44 Jan 10 01:37 dovecot-uidlist -rw------- 1 glenn adm 120 Jan 10 01:37 dovecot.index -rw------- 1 glenn adm 24 Jan 10 01:37 dovecot.index.log -rw-rw---- 1 glenn adm 0 Jan 10 01:37 maildirfolder drwxrwx--- 2 glenn adm 512 Jan 10 01:37 new/ drwxrwx--- 2 glenn adm 512 Jan 10 01:37 tmp/
I'm experimenting with using the umask setting for shared folders. In the case of sharing, won't the index files, etc. need to be readable by the sharing group as well?
I concur: the umask is not honoured when Dovecot creates a new Maildir file. This has been the case at least as far back as v0.99.14.
Doesn't this completely defeat use of shared folders? For me this bug is a problem because I want to process Maildirs with a cron process running as uid mail, but group write permission is not set on created message files.
Steve.
-- A verbal contract isn't worth the paper it's written on. -- Samuel Goldwyn
On Thu, Jan 11, 2007 at 05:07:39PM +0000, Steve James wrote:
On Wednesday 10 January 2007 06:54, Glenn Leavell wrote:
I don't know if the following is related to the above, but I thought I'd include it here just in case. After setting umask = 0007 in dovecot.conf, dovecot-uidlist, dovecot.index, and dovecot.index.log are not created with the new mask; however, the maildir parent directory, cur, new, tmp, and the maildirfolder file *are* created with the new mask:
$ ls -l total 12 drwxrwx--- 2 glenn adm 512 Jan 10 01:37 cur/ -rw------- 1 glenn adm 44 Jan 10 01:37 dovecot-uidlist -rw------- 1 glenn adm 120 Jan 10 01:37 dovecot.index -rw------- 1 glenn adm 24 Jan 10 01:37 dovecot.index.log -rw-rw---- 1 glenn adm 0 Jan 10 01:37 maildirfolder drwxrwx--- 2 glenn adm 512 Jan 10 01:37 new/ drwxrwx--- 2 glenn adm 512 Jan 10 01:37 tmp/
I'm experimenting with using the umask setting for shared folders. In the case of sharing, won't the index files, etc. need to be readable by the sharing group as well?
I concur: the umask is not honoured when Dovecot creates a new Maildir file. This has been the case at least as far back as v0.99.14.
Doesn't this completely defeat use of shared folders? For me this bug is a problem because I want to process Maildirs with a cron process running as uid mail, but group write permission is not set on created message files.
Steve.
You may have seen that I sent an update yesterday: While I can't get umask to affect individual message files, those files *do* inherit the permissions template of a dovecot-shared file in the Maildir parent directory. They don't, however, inherit the actual *group* of dovecot-shared.
A workaround for getting your message files set to the correct group ownership is to set the group ownership of your Maildir parent directories and the cur, new, and tmp subdirectories to the value of your shared group and then turn on the "set group ID" bit (mode 2000 or "chmod g+x") for those directories. On many systems, that will cause any file or group created in those directories to be created with the corresponding group of its parent. For example:
$ ls -ld .sharedtest drwxrws--- 5 glenn shared 512 Jan 10 23:32 .sharedtest/ $ ls -l .sharedtest total 580 drwxrws--- 2 glenn shared 14848 Jan 10 23:30 cur/ -rw-rw---- 1 glenn shared 50 Jan 10 23:24 dovecot-keywords -rw-rw---- 1 glenn shared 0 Jan 10 22:21 dovecot-shared -rw-rw---- 1 glenn shared 11696 Jan 10 23:30 dovecot-uidlist -rw-rw---- 1 glenn shared 5920 Jan 10 23:30 dovecot.index -rw-rw---- 1 glenn shared 215040 Jan 10 23:29 dovecot.index.cache -rw-rw---- 1 glenn shared 30544 Jan 10 23:30 dovecot.index.log -rw-rw---- 1 glenn shared 0 Jan 10 22:20 maildirfolder drwxrws--- 2 glenn shared 512 Jan 10 22:20 new/ drwxrws--- 2 glenn shared 512 Jan 10 23:27 tmp/
Glenn
On Thu, 2007-01-11 at 16:38 -0500, Glenn Leavell wrote:
You may have seen that I sent an update yesterday: While I can't get umask to affect individual message files, those files *do* inherit the permissions template of a dovecot-shared file in the Maildir parent directory. They don't, however, inherit the actual *group* of dovecot-shared.
Fixed: http://dovecot.org/list/dovecot-cvs/2007-January/007435.html
participants (3)
-
Glenn Leavell
-
Steve James
-
Timo Sirainen