Re: [Dovecot] File Permissions and delivery
On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote:
mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/
-rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2,
-rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2,
-rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2,
-rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2,
-rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2,
-rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2,
Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA.
If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the new mails should be delivered with 0660 permissions. (I don't remember if having g+s makes any difference in the directory like you have in the domain dir.)
In any case, it would be better if mails were delivered as mailsystem:mailsystem 0600 since that's what you're reading them as. Unless you have some other good reason for requiring mailsystem group to be able to read them.
-----Original Message-----
From: Timo Sirainen [mailto:tss@iki.fi]
Sent: Sunday, August 28, 2011 11:25 PM

On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote:
mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/
-rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2,
-rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2,
-rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2,
-rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2,
-rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2,
-rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2,
Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA.
If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the new mails should be delivered with 0660 permissions. (I don't remember if having g+s makes any difference in the directory like you have in the domain dir.)
In any case, it would be better if mails were delivered as mailsystem:mailsystem 0600 since that's what you're reading them as. Unless you have some other good reason for requiring mailsystem group to be able to read them.
So you mean I should change client to mailsystem/mailsystem in the dovecot.conf too? I'm also not sure what (if any) effect the g+s has - that's just how it was (and how it is on the test installation). As per my previous note to Patrick, I think I've fixed the delivery issue, but now I have these in the log again:
Aug 29 15:59:14 mail dovecot: deliver(simon@lydiard.net): chdir(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied
Aug 29 15:59:14 mail dovecot: deliver(simon@lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied
Aug 29 15:59:14 mail dovecot: deliver(simon@lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual)
Even if I make EVERYTHING under /var/spool/mail/virtual/* owned by mailsystem:mailsystem - and reload postfix and restart dovecot.
And even if I remove the sticky bit.
mail:~# ls /var/spool/mail/virtual/domain.net/simon/
total 880K
drwxrwx--- 13 mailsystem mailsystem 4.0K Aug 26 16:53 ./
drwxrwx--- 5 mailsystem mailsystem 4.0K Aug 26 00:39 ../
drwxrwx--- 2 mailsystem mailsystem 4.0K Dec 3 2007 courierimaphieracl/
drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 25 18:57 courierimapkeywords/
-rwxrwx--- 1 mailsystem mailsystem 67 Nov 30 2007 courierimapsubscribed
-rwxrwx--- 1 mailsystem mailsystem 15K Aug 25 20:45 courierimapuiddb
-rwxrwx--- 1 mailsystem mailsystem 20K Aug 25 20:38 courierpop3dsizelist
drwxrwx--- 2 mailsystem mailsystem 32K Aug 26 16:43 cur/
-rwxrwx--- 1 mailsystem mailsystem 3.5K Aug 26 03:37 dovecot.index
-rwxrwx--- 1 mailsystem mailsystem 697K Aug 26 16:44 dovecot.index.cache
-rwxrwx--- 1 mailsystem mailsystem 8.5K Aug 26 16:53 dovecot.index.log
-rw-rwx--- 1 mailsystem mailsystem 25K Aug 26 16:44 dovecot-uidlist
-rwxrwx--- 1 mailsystem mailsystem 8 Aug 25 23:14 dovecot-uidvalidity
-rwxrwx--- 1 mailsystem mailsystem 0 Aug 25 23:14 dovecot-uidvalidity.4e56c938
drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 26 03:10 .Drafts/
drwxrwx--- 6 mailsystem mailsystem 4.0K Nov 30 2007 .Junk E-mail/
-rwxrwx--- 1 mailsystem mailsystem 7 Aug 26 22:05 maildirsize
drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 26 22:05 new/
drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Outbox/
drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 26 00:17 .Sent/
drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Sent Items/
-rwxrwx--- 1 mailsystem mailsystem 37 Aug 25 22:26 subscriptions
drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 26 22:05 tmp/
drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Trash/
Any ideas?
Simon
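
Added example, not part of the thread and not Dovecot's code: the log above names /var/spool/mail/virtual itself as the directory missing +x for euid=999/egid=115, and a chown applied to `virtual/*` does not change `virtual`. This Python sketch walks every component of a path and reports the first directory a given numeric uid and group set cannot traverse, using classic mode bits only (assumption: no POSIX ACLs or MAC policy in play; the function names are hypothetical).

```python
import os
import stat
import sys

def can_search(st, uid, gids):
    """True if uid/gids may traverse (+x) the directory described by st.

    The kernel picks exactly one class: owner, else group, else other.
    An owner without u+x is denied even when g+x or o+x is set.
    """
    if uid == 0:
        return True                      # root bypasses search checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked(path, uid, gids, base="/"):
    """Walk from base down to path; return (directory, mode string) for the
    first directory uid/gids cannot traverse, or None if all are passable.
    Must run as a user able to stat every component (normally root)."""
    base = os.path.abspath(base)
    rel = os.path.relpath(os.path.abspath(path), base)
    if rel == ".." or rel.startswith(".." + os.sep):
        raise ValueError("path is not below base")
    current = base
    for part in [""] + ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part) if part else current
        st = os.stat(current)
        if stat.S_ISDIR(st.st_mode) and not can_search(st, uid, gids):
            return current, stat.filemode(st.st_mode)
    return None

if __name__ == "__main__":
    # usage: script PATH UID GID [GID ...]  (numeric ids, e.g. from `id mailsystem`)
    target, uid = sys.argv[1], int(sys.argv[2])
    gids = set(map(int, sys.argv[3:]))
    hit = first_blocked(target, uid, gids)
    print("all components traversable" if hit is None
          else "missing +x perm: %s (%s)" % hit)
```

Run as root against the maildir path with the uid and gid from the log line, it prints the first ancestor that blocks delivery, which is the same directory Dovecot's "missing +x perm" hint points at.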