New user mailbox permission
Hi all, I have a problem with my Dovecot installation. First, some information:
- OS: CentOS 6.5 x86_64
- Dovecot: dovecot-2.0.9-7.el6.x86_64
Config:
mail_location = sdbox:~/dbox
user_query = SELECT username, password, 'vmail' as uid, 'vmail' as gid, '/var/vmail/%d/%n' as home, CONCAT('*:storage=', (quota DIV 1000)) as quota_rule FROM mailbox WHERE username='%u'
What I want to do is to create a backup user to rsync the mailstore to a remote location. If possible, I don't want to use the root user for this operation. I already added the backup user to "vmail" group.
The problem is that when a new user is created, its base directory permissions are 0700 (vmail:vmail). From what I read here (http://wiki2.dovecot.org/SharedMailboxes/Permissions, "Permissions to new /domain/user directories"), simply using the setgid bit is not sufficient because I am not using an absolute path for mail_location.
My questions are:
- all I need to do is to switch to an absolute mail_location?
- is it possible to solve my problem _without_ altering mail_location?
Thanks.
-- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti@assyoma.it - info@assyoma.it GPG public key ID: FF5F32A8
On 20.08.2014 at 23:57, Gionatan Danti wrote:
> Hi all, I have a problem with my Dovecot installation. First, some information:
> - OS: CentOS 6.5 x86_64
> - Dovecot: dovecot-2.0.9-7.el6.x86_64
> Config:
> mail_location = sdbox:~/dbox
> user_query = SELECT username, password, 'vmail' as uid, 'vmail' as gid, '/var/vmail/%d/%n' as home, CONCAT('*:storage=', (quota DIV 1000)) as quota_rule FROM mailbox WHERE username='%u'
> What I want to do is to create a backup user to rsync the mailstore to a remote location. If possible, I don't want to use the root user for this operation. I already added the backup user to "vmail" group.
> The problem is that when a new user is created, its base directory permissions are 0700 (vmail:vmail). From what I read here (http://wiki2.dovecot.org/SharedMailboxes/Permissions, "Permissions to new /domain/user directories"), simply using the setgid bit is not sufficient because I am not using an absolute path for mail_location.
> My questions are:
> - all I need to do is to switch to an absolute mail_location?
> - is it possible to solve my problem _without_ altering mail_location?
> Thanks.
You could use sudo to grant your backup user the required rights to read those files.
==> /etc/sudoers
backupuser ALL=NOPASSWD: /usr/bin/rsync
-- Alex JOST
> You could use sudo to grant your backup user the required rights to read those files.
> ==> /etc/sudoers
> backupuser ALL=NOPASSWD: /usr/bin/rsync
Hi, the point is that I don't want to give my script root privileges. Too much harm can be done using root privileges for a simple task such as backups.
This is why I included user "backup" in the "vmail" group and changed all files/dirs under mail_location to be readable by the "vmail" group. However, new user accounts are created with 0700 permissions, and that clearly breaks my backup.
I understand that the solution can be as simple as doing a chmod g+X before running the backup, but I wonder _how_ it is possible to select the umask/permissions of new accounts under dovecot...
Thanks.
-- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti@assyoma.it - info@assyoma.it GPG public key ID: FF5F32A8
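The "chmod g+X before the backup" workaround mentioned in the last message, written out as an added example that is not part of the original thread. It is meant to run as the owner of the mail store (vmail in the thread), not as root; the function names are hypothetical and /var/vmail is taken from the home path in the thread's user_query.

```shell
#!/bin/sh
# Added example: pre-backup permission repair for a Dovecot mail store.
# Assumption: run as the mail store owner (vmail), so no root rights are needed.
# It only adds group read/search bits and never grants anything to "other".

# Print entries under $1 that a group member could not back up:
# directories lacking group r-x, regular files lacking group r.
# find does not follow symlinks by default; -xdev stays on one filesystem.
list_group_unreadable() {
    find "$1" -xdev \( \( -type d ! -perm -g=rx \) \
                    -o \( -type f ! -perm -g=r \) \) -print
}

# Number of such entries (assumes no newlines in mail store file names).
count_group_unreadable() {
    list_group_unreadable "$1" | wc -l | tr -d ' '
}

# Repair only the entries that need it, leaving every other mode bit untouched.
fix_group_access() {
    # Directories need read + search (x) so rsync can list and descend.
    find "$1" -xdev -type d ! -perm -g=rx -exec chmod g+rx {} +
    # Files need read only; no execute bit is ever added to a file.
    find "$1" -xdev -type f ! -perm -g=r -exec chmod g+r {} +
}

# Stand-alone use: script.sh /var/vmail
# Without an argument the file only defines the functions above.
if [ "$#" -gt 0 ]; then
    echo "entries not group-readable before fix: $(count_group_unreadable "$1")"
    fix_group_access "$1"
    echo "entries not group-readable after fix:  $(count_group_unreadable "$1")"
fi
```

Running the count on its own before each backup also shows how many 0700 directories were created since the last run.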