[Dovecot] dovecot ignoring folder permissions on directory creation
Ubuntu 8.04 LTS, Dovecot 1.2.6
So, further to the 'deliver' problem posted yesterday, I've also discovered another issue regarding permissions: files and directories are being created 0600/0700 by the IMAP and deliver processes (depending on who gets there first!), preventing use of shared mailboxes.
According to the documentation: "When creating a new mailbox, Dovecot v1.2+ copies the permissions from the mailbox root directory." and "When creating new files inside a mailbox, Dovecot v1.2+ copies the read/write permissions from the mailbox's directory." (http://wiki.dovecot.org/SharedMailboxes/Permissions)
So, with an empty directory of:
drwxr-xr-x 3 root root 21 2009-11-16 13:36 /home
drwxrwx--x 3 nobody maildir 21 2009-11-16 13:36 /home/mail
I would expect a user logging in to have their mail directory created automatically with the same permissions (but not necessarily the same group).
What I see post-login is:
drwxrwx--x 3 nobody maildir 21 2009-11-16 13:42 /home/mail
drwx------ 3 auser adomain 18 2009-11-16 13:42 /home/mail/adomain
drwx------ 3 auser adomain 20 2009-11-16 13:42 /home/mail/adomain/auser
drwx------ 5 auser adomain 4096 2009-11-16 13:42 /home/mail/adomain/auser/Maildir
drwx------ 2 auser adomain 6 2009-11-16 13:42 /home/mail/adomain/auser/Maildir/cur
-rw------- 1 auser adomain 0 2009-11-16 13:42 /home/mail/adomain/auser/Maildir/dovecot-acl-list
-rw------- 1 auser adomain 156 2009-11-16 13:42 /home/mail/adomain/auser/Maildir/dovecot.index.log
-rw------- 1 auser adomain 17 2009-11-16 13:42 /home/mail/adomain/auser/Maildir/dovecot-uidlist
-rw------- 1 auser adomain 8 2009-11-16 13:42 /home/mail/adomain/auser/Maildir/dovecot-uidvalidity
-rw------- 1 auser adomain 0 2009-11-16 13:42 /home/mail/adomain/auser/Maildir/dovecot-uidvalidity.4b0156e2
drwx------ 2 auser adomain 6 2009-11-16 13:42 /home/mail/adomain/auser/Maildir/new
drwx------ 2 auser adomain 6 2009-11-16 13:42 /home/mail/adomain/auser/Maildir/tmp
I've tried pre-creation of /home/mail/adomain, /home/mail/adomain/auser and /home/mail/adomain/auser/Maildir in each case with permissions 0770 but in each case subsequent subdirectories and files are 0700/0600.
I've also tried use of a "dovecot-shared" file, but this also has no effect under any permutation I can create.
Anyone else seen this?
On Mon, 2009-11-16 at 13:54 +0000, Peter wrote:
> drwxr-xr-x 3 root root 21 2009-11-16 13:36 /home
> drwxrwx--x 3 nobody maildir 21 2009-11-16 13:36 /home/mail
> I would expect a user logging in to have their mail directory created automatically with the same permissions (but not necessarily the same group).
If the group isn't copied, what use is it to copy the group's permissions?
I don't think Dovecot should copy the parent directory's permissions when creating mail root dirs. It just seems too dangerous. I know some people are using 01777 permission root directories, and that really shouldn't be copied.
> I've tried pre-creation of /home/mail/adomain, /home/mail/adomain/auser and /home/mail/adomain/auser/Maildir in each case with permissions 0770 but in each case subsequent subdirectories and files are 0700/0600.
Pre-creation (e.g. in post-login script) of /home/mail/adomain/auser/Maildir should work, and in my testing it does:
~/Maildir3% ls -la
total 40
drwxrwxrwx 5 timo timo 4096 2009-11-23 16:46 ./
drwxr-xr-x 82 timo timo 12288 2009-11-23 16:41 ../
drwxrwxrwx 2 timo timo 4096 2009-11-23 16:46 cur/
-rw-rw-rw- 1 timo timo 64 2009-11-23 16:46 dovecot-uidlist
-rw-r--r-- 1 timo timo 8 2009-11-23 16:46 dovecot-uidvalidity
-rw-r--r-- 1 timo timo 0 2009-11-23 16:46 dovecot-uidvalidity.4b0b02ad
-rw-rw-rw- 1 timo timo 412 2009-11-23 16:46 dovecot.index.log
drwxrwxrwx 2 timo timo 4096 2009-11-23 16:46 new/
drwxrwxrwx 2 timo timo 4096 2009-11-23 16:46 tmp/
Looks like the dovecot-uidvalidity* permissions aren't correct, I'll fix those.
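The pre-creation step suggested in the reply above, paired with a check of the documented inheritance rule, as an added example that is not part of the thread or of Dovecot. The function names `precreate_maildir`, `audit_maildir` and `demo` are hypothetical; the script assumes GNU `stat` and compares only the rwx bits (sticky and setgid are ignored).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils (stat -c '%a').

# Create <maildir> and cur/new/tmp with an explicit mode, independent of umask.
precreate_maildir() {
    for d in "$1" "$1/cur" "$1/new" "$1/tmp"; do
        mkdir -p "$d" && chmod "$2" "$d" || return 1
    done
}

# List entries directly under <maildir> whose mode differs from what the
# directory's own mode implies: same rwx bits for subdirectories, same
# read/write bits for files. Prints "<path> <actual> <expected>" per mismatch
# and returns non-zero if any were found.
audit_maildir() {
    dmode=$(stat -c '%a' "$1") || return 2
    dbits=$(( 0$dmode & 0777 ))     # rwx bits only; sticky/setgid ignored
    fbits=$(( dbits & 0666 ))       # files: read/write bits only
    bad=0
    for p in "$1"/* "$1"/.[!.]*; do
        if [ -L "$p" ] || [ ! -e "$p" ]; then continue; fi
        pmode=$(stat -c '%a' "$p") || return 2
        actual=$(( 0$pmode & 0777 ))
        if [ -d "$p" ]; then want=$dbits; else want=$fbits; fi
        if [ "$actual" -ne "$want" ]; then
            printf '%s %04o %04o\n' "$p" "$actual" "$want"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: a 0770 Maildir holding one file with group access and
# one created 0600, the pattern reported in the thread.
demo() {
    root=$(mktemp -d) || return 1
    precreate_maildir "$root/Maildir" 0770 || return 1
    : > "$root/Maildir/dovecot-uidlist"
    chmod 0660 "$root/Maildir/dovecot-uidlist"
    : > "$root/Maildir/dovecot-uidvalidity"
    chmod 0600 "$root/Maildir/dovecot-uidvalidity"
    rc=0
    audit_maildir "$root/Maildir" || rc=$?
    rm -rf "$root"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with the argument `demo` to see the constructed case; in a post-login script only `precreate_maildir` would be called, with the mail location and mode chosen by the administrator.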
participants (2)
- Peter
- Timo Sirainen