[Dovecot] umask 007 ineffective with newly created Maildir message
This is for Dovecot 1.0.rc15 from Debian Backports on 3.1 Stable, x86; Filesystems are local reiserfs; IMAPs client is KMail 1.9.5
Non-default settings in dovecot.conf:
protocols = imaps ssl_cert_file = /etc/dovecot/mail.cert.pem ssl_key_file = /etc/dovecot/mail.key.pem mail_location = maildir:/var/mail/ambrosia.plus.com/%n mail_extra_groups = mail first_valid_uid = 1000 first_valid_gid = 1000 umask = 007 maildir_copy_with_hardlinks = yes
To reproduce:-
- Using your IMAP client with two IMAP accounts, copy a message from a folder in one account, to a folder in the other account
- See that the newly created message file is -rw-------
If a message is moved between folders on the _same_ account, however, the group permissions are preserved (ie not masked off). So it seems that the umask option is ineffective when the imap daemon creates a new maildir message file.
Thanks, Steve.
-- BOFH excuse #400:
We are Microsoft. What you are experiencing is not a problem; it is an undocumented feature.
On 12/19/06, Steve James s.james@bigfoot.com wrote:
This is for Dovecot 1.0.rc15 from Debian Backports on 3.1 Stable, x86; Filesystems are local reiserfs; IMAPs client is KMail 1.9.5
Non-default settings in dovecot.conf:
protocols = imaps ssl_cert_file = /etc/dovecot/mail.cert.pem ssl_key_file = /etc/dovecot/mail.key.pem mail_location = maildir:/var/mail/ambrosia.plus.com/%n mail_extra_groups = mail first_valid_uid = 1000 first_valid_gid = 1000 umask = 007 maildir_copy_with_hardlinks = yes
To reproduce:-
- Using your IMAP client with two IMAP accounts, copy a message from a folder in one account, to a folder in the other account
- See that the newly created message file is -rw-------
If a message is moved between folders on the _same_ account, however, the group permissions are preserved (ie not masked off). So it seems that the umask option is ineffective when the imap daemon creates a new maildir message file.
Might this be because it's doing "maildir_copy_with_hardlinks = yes" ?? When you go between accounts, this won't happen, as the copy happens client side.
Tim
Linux Counter user #273956 Don't email joeblogs@scouts.org.au
On Thursday 21 December 2006 08:59, Timothy White wrote: --snip--
maildir_copy_with_hardlinks = yes
To reproduce:-
- Using your IMAP client with two IMAP accounts, copy a message from a folder in one account, to a folder in the other account
- See that the newly created message file is -rw-------
If a message is moved between folders on the _same_ account, however, the group permissions are preserved (ie not masked off). So it seems that the umask option is ineffective when the imap daemon creates a new maildir message file.
Might this be because it's doing "maildir_copy_with_hardlinks = yes" ?? When you go between accounts, this won't happen, as the copy happens client side.
Tim,
Yes, I did wonder about that. However, I assert that, while that may explain the difference in behaviour, it's nevertheless incorrect behaviour ;-)
Besides, I don't think the use of hardlinks should be relevant: two directory entries that link to the same file are still two different directory entries with their own, individual ownerships and permissions. I could do the experiment if that's useful?
For the time being, I have a cron process to chmod g+rw all the relevant maildir files. Yech.
Steve.
-- Domestic happiness and faithful friends.
On Thu, 21 Dec 2006 09:58:35 +0000 Steve James s.james@bigfoot.com wrote:
Besides, I don't think the use of hardlinks should be relevant: two directory entries that link to the same file are still two different directory entries with their own, individual ownerships and permissions. I could do the experiment if that's useful?
No they're not. :) Hard links are two directory entries ('names') pointing to the same inode: permissions, file ownership, timestamps, etc. are all set at the inode level.
(winslowb@winslowb:/tmp) touch foo (11:32am/3/pts/42) (winslowb@winslowb:/tmp) ls -l foo (11:32am/4/pts/42) -rw-r--r-- 1 winslowb winslowb 0 2006-12-21 11:32 foo (winslowb@winslowb:/tmp) ln foo bar (11:32am/5/pts/42) (winslowb@winslowb:/tmp) ls -l bar (11:32am/6/pts/42) -rw-r--r-- 2 winslowb winslowb 0 2006-12-21 11:32 bar (winslowb@winslowb:/tmp) chmod 600 bar (11:32am/7/pts/42) (winslowb@winslowb:/tmp) ls -l foo bar (11:32am/8/pts/42) -rw------- 2 winslowb winslowb 0 2006-12-21 11:32 bar -rw------- 2 winslowb winslowb 0 2006-12-21 11:32 foo
I think that probably makes umask irrelevant -- but whether dovecot should chmod things when maildir_copy_with_hardlinks is on is a separate discussion.
HTH,
Ben Winslow rain@bluecherry.net
On 21.12.2006, at 18.35, Ben Winslow wrote:
I think that probably makes umask irrelevant -- but whether dovecot should chmod things when maildir_copy_with_hardlinks is on is a separate discussion.
Hmm. I hadn't thought about that problem before. I think in general
it shouldn't matter, but when using shared folders this is going to
be problematic. Perhaps hardlink-copying should be disabled whenever
the file's permissions would change. Anyway, I think this is post-
v1.0 problem.
participants (4)
-
Ben Winslow
-
Steve James
-
Timo Sirainen
-
Timothy White