[Dovecot] deliver and cloning file permissions
Hi!
I'd like to use deliver (dovecot-1.2.10) as LDA to deliver mails to my local users on my postfix-system.
However, deliver tries to copy the filesystem permissions of the mail-spool-files to the user's index files, which doesn't work, since the files in /var/mail/ belong to the group 'mail'.
Feb 13 00:21:19 leo-x61 dovecot: deliver(leo): fchown(/home/leo/mail/.imap/INBOX/dovecot.index.log.newlock, -1, 12(mail)) failed: Operation not permitted (egid=100(users), group based on /var/mail/leo)
I know that dovecot tries to clone the mailbox permissions in order to support shared folders but it would be nice if there was an option to disable this (or to just try it and ignore the fchown error).
I could manually change group ownership of all mailboxes from mail to each user's primary group or set the mailbox-modes to 0600 but I'd also have to do that for every new user. (Tools to create users like useradd from shadow-utils use hardcoded file modes and group ownership.)
Is there any workaround?
Thanks, --leo
e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria
On 02/13/2010 02:57 PM Alexander 'Leo' Bergolth wrote:
> Hi!
> I'd like to use deliver (dovecot-1.2.10) as LDA to deliver mails to my local users on my postfix-system.
> However, deliver tries to copy the filesystem permissions of the mail-spool-files to the user's index files, which doesn't work, since the files in /var/mail/ belong to the group 'mail'.
> Feb 13 00:21:19 leo-x61 dovecot: deliver(leo): fchown(/home/leo/mail/.imap/INBOX/dovecot.index.log.newlock, -1, 12(mail)) failed: Operation not permitted (egid=100(users), group based on /var/mail/leo)
> I know that dovecot tries to clone the mailbox permissions in order to support shared folders but it would be nice if there was an option to disable this (or to just try it and ignore the fchown error).
> I could manually change group ownership of all mailboxes from mail to each user's primary group or set the mailbox-modes to 0600 but I'd also have to do that for every new user. (Tools to create users like useradd from shadow-utils use hardcoded file modes and group ownership.)
> Is there any workaround?
Hm, what about a 'better solution'? Using Maildir.
Postfix: main.cf¹
    mailbox_command = /usr/local/libexec/dovecot/deliver
Dovecot: dovecot.conf²
    mail_location = maildir:~/Maildir
Regards, Pascal
1 = http://wiki.dovecot.org/LDA/Postfix
2 = http://wiki.dovecot.org/MailLocation
The trapper recommends today: defaced.1004413@localdomain.org
On 02/13/2010 09:28 PM, Pascal Volk wrote:
> On 02/13/2010 02:57 PM Alexander 'Leo' Bergolth wrote:
>> I'd like to use deliver (dovecot-1.2.10) as LDA to deliver mails to my local users on my postfix-system.
>> However, deliver tries to copy the filesystem permissions of the mail-spool-files to the user's index files, which doesn't work, since the files in /var/mail/ belong to the group 'mail'.
>> Feb 13 00:21:19 leo-x61 dovecot: deliver(leo): fchown(/home/leo/mail/.imap/INBOX/dovecot.index.log.newlock, -1, 12(mail)) failed: Operation not permitted (egid=100(users), group based on /var/mail/leo)
>> Is there any workaround?
> Hm, what about a 'better solution'? Using Maildir. [...] Dovecot: dovecot.conf² mail_location = maildir:~/Maildir
Unfortunately switching from mbox to maildir is not an option.
Btw. I don't see the solution. If the inbox is still /var/mail/<user> and is still group-owned by "mail", dovecot will still have the same problems cloning the group-permissions to ~/Maildir.
Cheers, --leo
e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria
On 02/14/2010 12:03 AM Alexander 'Leo' Bergolth wrote:
> On 02/13/2010 09:28 PM, Pascal Volk wrote:
>> Dovecot: dovecot.conf² mail_location = maildir:~/Maildir
> Unfortunately switching from mbox to maildir is not an option.
> Btw. I don't see the solution. If the inbox is still /var/mail/<user> and is still group-owned by "mail", dovecot will still have the same problems cloning the group-permissions to ~/Maildir.
Because you've overlooked, at least removed, the Postfix configuration setting in the quoted part. When Dovecot's mail_location is set to 'maildir:~/Maildir' and Postfix's mailbox_command (for local users) points to Dovecot's deliver, all mails will be delivered via deliver into the INBOX from the mail_location setting.
The user's INBOX would be still in /var/mail/<user>, if you would use Postfix's local daemon for local delivery and Dovecot's mail_location would be set to:
    mail_location = maildir:~/Maildir:INBOX=/var/mail/%u
Regards, Pascal
The trapper recommends today: deadbeef.1004500@localdomain.org
On 02/14/2010 12:45 AM, Pascal Volk wrote:
> On 02/14/2010 12:03 AM Alexander 'Leo' Bergolth wrote:
>> On 02/13/2010 09:28 PM, Pascal Volk wrote:
>>> Dovecot: dovecot.conf² mail_location = maildir:~/Maildir
>> Unfortunately switching from mbox to maildir is not an option.
>> Btw. I don't see the solution. If the inbox is still /var/mail/<user> and is still group-owned by "mail", dovecot will still have the same problems cloning the group-permissions to ~/Maildir.
> Because you've overlooked, at least removed, the Postfix configuration setting in the quoted part. When Dovecot's mail_location is set to 'maildir:~/Maildir' and Postfix's mailbox_command (for local users) points to Dovecot's deliver, all mails will be delivered via deliver into the INBOX from the mail_location setting.
> The user's INBOX would be still in /var/mail/<user>, if you would use Postfix's local daemon for local delivery and Dovecot's mail_location would be set to:
>     mail_location = maildir:~/Maildir:INBOX=/var/mail/%u
OK, thanks, I got the big picture now. :-) Unfortunately I am forced to mbox inboxes in /var/mail/<user>.
Any other hints?
Cheers, --leo
e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria
On Sat, 2010-02-13 at 14:57 +0100, Alexander 'Leo' Bergolth wrote:
> Feb 13 00:21:19 leo-x61 dovecot: deliver(leo): fchown(/home/leo/mail/.imap/INBOX/dovecot.index.log.newlock, -1, 12(mail)) failed: Operation not permitted (egid=100(users), group based on /var/mail/leo)
> I know that dovecot tries to clone the mailbox permissions in order to support shared folders but it would be nice if there was an option to disable this (or to just try it and ignore the fchown error).
> I could manually change group ownership of all mailboxes from mail to each user's primary group or set the mailbox-modes to 0600
Right. That's also the safest solution, the mail files shouldn't be group-rw anyway.
> but I'd also have to do that for every new user. (Tools to create users like useradd from shadow-utils use hardcoded file modes and group ownership.)
Yes, that's unfortunate. I was trying to get shadow-utils upstream to change the default to 0600, but I'm not sure what happened. I guess everyone just forgot about it. Maybe report this as a bug to your distribution?
You could also of course create a script like useradd2 or something, that fixes the permission afterwards.
No other solutions for this really. The correct solution is to keep the file modes 0600, the other tools just need to be fixed to do that.
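The "useradd2" idea from the last reply, sketched as an added example that is not part of the original thread and not code from Dovecot or shadow-utils. The function names and the SPOOL_DIR variable are assumptions; the /var/mail path and the 0600 target mode come from the thread.

```shell
#!/bin/sh
# Added example: keep mbox spools at 0600 so deliver finds no group
# permissions to clone onto the index files.
# SPOOL_DIR and all function names below are hypothetical.
SPOOL_DIR="${SPOOL_DIR:-/var/mail}"

# Print regular files directly inside $1 that have any group/other bit set.
# -type f skips symlinks, so a link planted in the spool is never chmod'ed.
list_loose_spools() {
    find "$1" -maxdepth 1 -type f \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Tighten every loose spool in $1 to 0600 and echo how many were changed.
# Spool files are named after logins, so no newlines are expected in names.
fix_spool_modes() {
    list_loose_spools "$1" | {
        count=0
        while IFS= read -r f; do
            chmod 0600 "$f" && count=$((count + 1))
        done
        echo "$count"
    }
}

# Wrapper for account creation: run the real useradd, then fix the new
# user's spool. useradd takes LOGIN as its last argument.
useradd2() {
    useradd "$@" || return
    for login in "$@"; do :; done      # leaves the last argument in $login
    if [ -f "$SPOOL_DIR/$login" ]; then
        chmod 0600 "$SPOOL_DIR/$login"
    fi
}

# One-off cleanup of existing mailboxes (run as root):
#   fix_spool_modes /var/mail
```

Running `list_loose_spools /var/mail` on its own gives a read-only audit of which mailboxes would still trigger the fchown error.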
participants (3)
- Alexander 'Leo' Bergolth
- Pascal Volk
- Timo Sirainen