Re: [Dovecot] ChgrpNoPerm issue
Robert JR roundcube222@alaadin.org writes:
The problem is /var/mail (Owner is useraccount and the group is mail), and here comes the problem Dovecot keeps trying to chown the imap folder inside the home directory with user:mail account and since And this is the reason of error that appears in my log file.
Dovecot is trying to keep the permission of your index caches consistent with that of your mailbox it indexes. The INBOX index cache is kept in your user's mail directory (as per your default settings), although you can change that location.
The option mail_access_groups=mail solves the problem.. but I read it is not secure.. With my current configuration, users login with imap to read mail, can they use any the mail_access_groups=mail and read other people's mail?
Yes, that's the security problem.
does my configuration is a shared mailbox and could be unsecure..
Could not parse your question/comment.
why did not have this issue with uw-imapd? and why dovecot try to chown the .imap folder with the mail group?
uw-imapd was not as picky. The extra consideration for group ownership is so that shared access to mailbox files, and their associated index caches, remains consistent. For example, if you shared a mailbox among your colleagues in group "staff" and the mailbox has group=staff,perm=g+rw, then the index caches will inherit those permissions, and members of group staff can access mailbox and indices alike.
[You later write ...]
Sep 9 11:22:30 dovecot: pop3(r): Error: fchown(/home/r/.imap/INBOX/dovecot.index.log.newlock, -1, 12(mail)) failed: Operation not permitted (egid=501(r), group based on /var/mail/r)
I know that chmod 0600 /var/mail, will solve the problem and I will no longer receive the above errors again
You also have to make sure that autocreated INBOXes (i.e. a brand new account) do not start out with anything other than 0600. You may have to use dovecot's LDA or twist your LDA's arm to create mailboxes that way.
I guess you can also avoid these errors by using memory indices, but you forego the advantages of persistent indices.
But my question is that in case I did not set chmod /var/mail 0600, can I ignore such errors, are these errors harmful? if these errors keep coming and I ignored them would this cause mbx corruption .. please advise
No, you can't ignore these errors. They will break IMAP access to those mailboxes (as you will find out).
Joseph Tam jtam.home@gmail.com
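
An added example, not part of the original message and not Dovecot's code: a Python check over an mbox spool that lists mailboxes that are not mode 0600, the condition the thread ties to both the fchown error and the mail_access_groups=mail exposure. The function names and reason labels are hypothetical, and the group test is a heuristic drawn from the thread rather than Dovecot's exact logic.

```python
import os
import pwd
import stat
import sys


def owner_primary_gid(uid):
    """Primary group of the mailbox owner, from the passwd database."""
    return pwd.getpwuid(uid).pw_gid


def audit_spool(spool, primary_gid=owner_primary_gid):
    """Return (path, mode, gid, reasons) for mbox files that are not private.

    Heuristic taken from the thread, not Dovecot's exact logic: a mailbox
    with group permission bits whose group is not the owner's own group
    leads Dovecot to fchown() its index files to that group.
    """
    findings = []
    for name in sorted(os.listdir(spool)):
        path = os.path.join(spool, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories and symlinks
        mode = stat.S_IMODE(st.st_mode)
        reasons = []
        if mode & 0o070:
            # Readable or writable by the file's group: anyone granted
            # that group (e.g. via mail_access_groups) can open it.
            reasons.append("group-accessible")
            try:
                if st.st_gid != primary_gid(st.st_uid):
                    reasons.append("foreign-group")
            except KeyError:
                reasons.append("unknown-owner")
        if mode & 0o007:
            reasons.append("world-accessible")
        if reasons:
            findings.append((path, mode, st.st_gid, reasons))
    return findings


if __name__ == "__main__":
    spool_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/mail"
    for path, mode, gid, reasons in audit_spool(spool_dir):
        print(f"{path}: mode={mode:04o} gid={gid} {','.join(reasons)}")
```

A mailbox reported as "group-accessible" with "foreign-group" matches the situation in the log line above (group taken from /var/mail/r, process egid being the user's own group).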