[Dovecot] delivering mail to public mbox with permission 660?
I am migrating a couple of old RH servers running sendmail and UW-IMAP to new Ubuntu 10.04 servers running Postfix and Dovecot.
I have everything working reasonably well except that the permissions of newly created mbox mail folders are always 600.
I have reviewed the archives, google, and double checked everything is as suggested in the Dovecot Wiki / SharedMailboxes / Permissions.
I am running Ubuntu 10.04 packages postfix 2.7.0-1, dovecot-common, dovecot-imapd, dovecot-pop3d, and dovecot-postfix (all version 1.2.9-1ubuntu6.1).
I plan to install amavisd-new, et al. for spam filtering and anti-virus but have held off until I get Postfix and Dovecot working 100%.
I have configured Postfix and Dovecot to use mbox mailboxes. I chose mbox because I have a LOT of shared mbox folders to migrate and decided it best to first migrate to Postfix/Dovecot mbox and later worry about migrating to maildir (as suggested on the Dovecot wiki mailbox format page).
I have configured private (also as default) and public namespaces with the public mailboxes stored in /var/mail/public. /var/mail/public has rwxrws--- and is group tarts (the shared "company" group for this server).
Initially I had procmail configured via the mailbox_command. Initial test mail sent to user tarts triggered creation of /var/mail/tarts with 660 permissions as expected.
I then changed the configuration to use deliver via the mailbox_command. I did this because procmail appears to be unmaintained and to benefit from deliver's support for indexing at time of delivery and sieve.
I then added user testuser with primary group testuser and supplemental group tarts. I made sure testuser's home directory and mail sub dir had rwxrws--- permissions.
I sent test mail to user testuser and had both user tarts and user testuser create some subfolders in public (via Thunderbird accounts).
THE PROBLEM is that mbox folders that hold messages are created with permission 600.
My understanding, from the Dovecot wiki and other docs/postings is that the folders should be 660 given the /var/mail permissions of rwxrwsrwt and ~/mail permissions of rwxrws---
MY QUESTION is how do I correct the configuration and/or directory permissions so that mbox folders and .imap indices (especially public/ ones) are created with 660 permissions, thus allowing users who belong to a common group (e.g. tarts) to access the public mailboxes?
It appears all Dovecot configuration options to establish directory/box perms or mask, such as umask, have been deprecated and no longer work.
The primary option appears to be using the permissions yet that is not working for me here.
/home/:
drwxrws--- 4 tarts tarts 4096 2010-10-19 13:59 tarts/

/home/tarts:
drwxrws--- 4 tarts tarts 4096 2010-10-19 13:50 mail/

/d/home/:
drwxrws--- 4 testuser testuser 4096 2010-10-19 13:59 testuser/

/d/home/testuser:
drwxrws--- 4 testuser testuser 4096 2010-10-19 13:59 mail/

/d/home/testuser/mail:
total 20
drwxrws--- 4 testuser testuser 4096 2010-10-19 13:59 ./
drwxrws--- 3 testuser testuser 4096 2010-10-19 13:44 ../
drwxrws--- 3 testuser testuser 4096 2010-10-19 13:45 .imap/
-rw-rw---- 1 testuser testuser 36 2010-10-19 13:59 .subscriptions
-rw------- 1 testuser testuser 0 2010-10-19 13:50 Trash
drwxrws--- 2 testuser testuser 4096 2010-10-19 13:54 test1/
-rw------- 1 testuser testuser 0 2010-10-19 13:54 test2

/d/home/testuser/mail/.imap:
total 12
drwxrws--- 3 testuser testuser 4096 2010-10-19 13:45 ./
drwxrws--- 4 testuser testuser 4096 2010-10-19 13:59 ../
drwx--S--- 2 testuser testuser 4096 2010-10-19 13:50 INBOX/

/d/home/testuser/mail/.imap/INBOX:
total 24
drwx--S--- 2 testuser testuser 4096 2010-10-19 13:50 ./
drwxrws--- 3 testuser testuser 4096 2010-10-19 13:45 ../
-rw------- 1 testuser testuser 16384 2010-10-19 14:00 dovecot.index.cache
-rw------- 1 testuser testuser 864 2010-10-19 14:00 dovecot.index.log

/d/home/testuser/mail/test1:
total 8
drwxrws--- 2 testuser testuser 4096 2010-10-19 13:54 ./
drwxrws--- 4 testuser testuser 4096 2010-10-19 13:59 ../
-rw------- 1 testuser testuser 0 2010-10-19 13:54 sub1

/var:
drwsrwsrwt 3 root mail 4096 2010-10-18 10:23 mail/

/var/mail:
total 896
drwsrwsrwt 3 root mail 4096 2010-10-19 13:51 ./
drwxr-xr-x 16 root root 4096 2010-03-05 13:57 ../
-rw-rw---- 1 nobody mail 1386 2010-10-12 16:54 nobody
drwsrws--- 5 root tarts 4096 2010-10-19 13:51 public/
-rw-rw---- 1 tarts mail 894107 2010-10-19 08:59 tarts
-rw------- 1 testuser mail 632 2010-10-19 13:51 testuser

/var/mail/public:
total 24
drwsrws--- 5 root tarts 4096 2010-10-19 13:51 ./
drwsrwsrwt 3 root mail 4096 2010-10-19 13:51 ../
drwxrws--- 3 tarts tarts 4096 2010-10-19 13:51 .imap/
drwxrws--- 3 tarts tarts 4096 2010-10-16 15:02 test1/
drwxrws--- 2 tarts tarts 4096 2010-10-16 15:01 test2/
-rw------- 1 testuser tarts 633 2010-10-19 13:51 test3

/var/mail/public/.imap:
total 12
drwxrws--- 3 tarts tarts 4096 2010-10-19 13:51 ./
drwsrws--- 5 root tarts 4096 2010-10-19 13:51 ../
drwx--S--- 2 testuser tarts 4096 2010-10-19 13:51 test3/

/var/mail/public/.imap/test3:
total 28
drwx--S--- 2 testuser tarts 4096 2010-10-19 13:51 ./
drwxrws--- 3 tarts tarts 4096 2010-10-19 13:51 ../
-rw------- 1 testuser tarts 16384 2010-10-19 13:51 dovecot.index.cache
-rw------- 1 testuser tarts 628 2010-10-19 13:51 dovecot.index.log

/var/mail/public/test1:
total 16
drwxrws--- 3 tarts tarts 4096 2010-10-16 15:02 ./
drwsrws--- 5 root tarts 4096 2010-10-19 13:51 ../
drwxrws--- 3 tarts tarts 4096 2010-10-16 15:02 .imap/
-rw------- 1 tarts tarts 614 2010-10-16 15:02 sub1
-rw------- 1 tarts tarts 0 2010-10-16 15:01 sub2

/var/mail/public/test1/.imap:
total 12
drwxrws--- 3 tarts tarts 4096 2010-10-16 15:02 ./
drwxrws--- 3 tarts tarts 4096 2010-10-16 15:02 ../
drwx--S--- 2 tarts tarts 4096 2010-10-16 15:02 sub1/

/var/mail/public/test1/.imap/sub1:
total 12
drwx--S--- 2 tarts tarts 4096 2010-10-16 15:02 ./
drwxrws--- 3 tarts tarts 4096 2010-10-16 15:02 ../
-rw------- 1 tarts tarts 408 2010-10-16 15:02 dovecot.index.log

/var/mail/public/test2:
total 8
drwxrws--- 2 tarts tarts 4096 2010-10-16 15:01 ./
drwsrws--- 5 root tarts 4096 2010-10-19 13:51 ../
Any help would be greatly appreciated.
Thanks,
R.Parr, RHCE, Temporal Arts, Portland, U.S.A.
On Tue, 2010-10-19 at 14:30 -0700, RParr wrote:
> I am running Ubuntu 10.04 packages postfix 2.7.0-1, dovecot-common, dovecot-imapd, dovecot-pop3d, and dovecot-postfix (all version 1.2.9-1ubuntu6.1).
> ..
> My understanding, from the Dovecot wiki and other docs/postings is that the folders should be 660 given the /var/mail permissions of rwxrwsrwt and ~/mail permissions of rwxrws---
Yep. Looks like it's broken in v1.2 for mbox. It works in v2.0 though. I could maybe write a patch for v1.2, but you'd need to compile Dovecot anyway.
On 10/21/2010 09:06 AM, Timo Sirainen wrote:
> On Tue, 2010-10-19 at 14:30 -0700, RParr wrote:
>> I am running Ubuntu 10.04 packages postfix 2.7.0-1, dovecot-common, dovecot-imapd, dovecot-pop3d, and dovecot-postfix (all version 1.2.9-1ubuntu6.1).
>> ..
>> My understanding, from the Dovecot wiki and other docs/postings is that the folders should be 660 given the /var/mail permissions of rwxrwsrwt and ~/mail permissions of rwxrws---
> Yep. Looks like it's broken in v1.2 for mbox. It works in v2.0 though. I could maybe write a patch for v1.2, but you'd need to compile Dovecot anyway.
A patch would be much appreciated.
I would prefer to apply the patch to a deb-src and build a deb for the 1.2.+ so that I can keep my package management happy and stay compatible with the mail filtering packages (amavisd-new, spamassassin, clamav, ...).
On Fri, 2010-10-22 at 17:14 -0700, RParr wrote:
>>> My understanding, from the Dovecot wiki and other docs/postings is that the folders should be 660 given the /var/mail permissions of rwxrwsrwt and ~/mail permissions of rwxrws---
>> Yep. Looks like it's broken in v1.2 for mbox. It works in v2.0 though. I could maybe write a patch for v1.2, but you'd need to compile Dovecot anyway.
> A patch would be much appreciated.
On 10/25/2010 08:22 AM, Timo Sirainen wrote:
> On Fri, 2010-10-22 at 17:14 -0700, RParr wrote:
>>>> My understanding, from the Dovecot wiki and other docs/postings is that the folders should be 660 given the /var/mail permissions of rwxrwsrwt and ~/mail permissions of rwxrws---
>>> Yep. Looks like it's broken in v1.2 for mbox. It works in v2.0 though. I could maybe write a patch for v1.2, but you'd need to compile Dovecot anyway.
>> A patch would be much appreciated.
Thanks. Works like a charm.
I include the following for others who might want to apply this patch to their Ubuntu/Debian systems.
# likely already done but include for completeness
apt-get install build-essential devscripts
cd /d/linux/dovecot # or wherever you stash such things
apt-get build-dep dovecot # installed a bunch of dev libs/pkgs.
apt-get source dovecot
cd dovecot-1.2.9/
cp src/lib-storage/index/mbox/mbox-storage.c src/lib-storage/index/mbox/mbox.storage.c.orig
# change mbox-storage.c per http://hg.dovecot.org/dovecot-1.2/rev/45769d0cc39c#l1.25
vi src/lib-storage/index/mbox/mbox-storage.c
# this sets the version to 1:1.2.9-1ubuntu6.1ta and adds an entry in the changelog.
# did this so apt/synaptic would see our version as newer than existing.
dch -v 1:1.2.9-1ubuntu6.1ta "mbox: Creating new mailboxes should base permissions on mail root dir, not always use 0600"
# can use dpkg-buildpackage command-line options
# -us -uc means do not sign source package or .changes file.
debuild -us -uc
cd /d/linux/dovecot # now contains a set of dovecot debs
I then moved the debs to our local repository, updated the repository index, and installed using synaptic.
OR
# assuming /d/linux/dovecot contains only the newly generated debs, install the packages using dpkg
dpkg -i *.deb
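
Added example, not part of the original thread and not Dovecot code: a small audit that walks a shared mail root and reports mbox and index files whose mode does not match the root directory's read/write bits, such as the 0600 files in the listing earlier in the thread. It assumes the expected file mode is the root directory's mode with execute, setuid, setgid and sticky bits removed (rwxrws--- gives 0660); the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import sys


def expected_file_mode(dir_mode):
    # Assumption: files take the directory's read/write bits; execute,
    # setuid, setgid and sticky bits are dropped (rwxrws--- -> 0660).
    return stat.S_IMODE(dir_mode) & 0o666


def audit_mail_root(root):
    """Return sorted (path, actual, expected) for regular files under root
    whose permission bits differ from those implied by root itself."""
    expected = expected_file_mode(os.stat(root).st_mode)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, etc.
            actual = stat.S_IMODE(st.st_mode)
            if actual != expected:
                findings.append((path, actual, expected))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample shaped like /var/mail/public in the listing."""
    public = os.path.join(base, "public")
    os.makedirs(os.path.join(public, ".imap", "test3"))
    os.chmod(public, 0o2770)  # rwxrws---
    samples = [("test3", 0o600), ("fixed", 0o660),
               (os.path.join(".imap", "test3", "dovecot.index.log"), 0o600)]
    for rel, mode in samples:
        path = os.path.join(public, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    return public


if __name__ == "__main__":
    for path, actual, expected in audit_mail_root(sys.argv[1]):
        print(f"{path}: {actual:04o}, expected {expected:04o}")
```

Run it against the public mail root after installing the rebuilt packages; anything it reports still needs a manual chmod before other group members can open it.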