[Dovecot] Maildir parent directory permissions incorrect for new mailbox
Hi,
My issue is with the automatic creation of parent directories above new maildirs. It seems to be that they're being set with incorrect (or unhelpful) permissions, applying the permissions of the mailbox down the path towards the mailbox root, as opposed to taking the permissions of the mailbox root up towards the mailbox.
Our mail is stored under the scheme:
location = maildir:/var/dovecot/mail/%d/%n:INDEX=/var/dovecot/index/%d/%n
Initially, /var/dovecot consists of acl, index and mail, all empty. The permissions on these are:
ls -l
total 6
drwxrwxr-x  2 hmgp  hmgp  512 17 Jun 12:23 acl
drwxrwxr-x  3 hmgp  hmgp  512 17 Jun 15:56 index
drwxrwxr-x  3 hmgp  hmgp  512 17 Jun 15:56 mail
If I perform a mail delivery to my mailbox, the mailbox parent directory is created with the following permissions:
ls -l
total 2
drwx------  3 dm  hmgp  512 17 Jun 15:56 insidetrading.co.uk
Note that the user ID is my own and the mode restricts all other access. When I perform a second delivery to a different mailbox under that domain, one mapped to a different UID, the delivery fails because that user cannot access the parent folder in order to create the new maildir.
I've read on the Wiki that Dovecot copies permissions from the parent directory when adding new messages to a mailbox. That would suit my situation, but it doesn't happen here. Maybe there is a reason why this is the case?
I've had a look at the code and it works in the opposite direction, starting from the full path (with its associated mode, uid & gid) and working by removing a section from the right-hand side each time. For me, at least, it would be better if it started from the bottom and worked upwards, inheriting the parent uid, gid and mode until the mailbox directory, where the existing behaviour would be retained, looking like:
ls -dl insidetrading.co.uk/dm
total 2
drwx------  5 dm  hmgp  512 17 Jun 15:56 dm
I know I could hold all our mail under a single uid/gid or I could fix the mode manually, but I'd rather not do either. Am I missing some key configuration detail or should I work on a patch for this?
Thanks, Dominic
dovecot -n
# 2.0.12: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.2-RELEASE amd64
auth_debug = yes
listen = *
mail_debug = yes
mail_plugins = acl
namespace {
  inbox = yes
  location = maildir:/var/dovecot/mail/%d/%n:INDEX=/var/dovecot/index/%d/%n
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/var/dovecot/mail/%%d/%%n:INDEX=/var/dovecot/index/%%d/shared/%%n
  prefix = shared/%%n
  separator = /
  subscriptions = no
  type = shared
}
passdb {
  args = /usr/local/etc/dovecot/ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/dovecot/acl/%d/%n-shared.db
}
protocols = lmtp imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required
ssl_ca =
On 17.06.2011 18:35, Dominic Marks wrote:
Hi Dominic,
> Initially, /var/dovecot consists of acl, index and mail, all empty. The permissions on these are:
> ls -l
> total 6
> drwxrwxr-x  2 hmgp  hmgp  512 17 Jun 12:23 acl
> drwxrwxr-x  3 hmgp  hmgp  512 17 Jun 15:56 index
> drwxrwxr-x  3 hmgp  hmgp  512 17 Jun 15:56 mail
> If I perform a mail delivery to my mailbox, the mailbox parent directory is created with the following permissions:
> ls -l
> total 2
> drwx------  3 dm  hmgp  512 17 Jun 15:56 insidetrading.co.uk
Blind guess: You are delivering the mail via postfix local and not via dovecot-lda or lmtp?
> Note that the user ID is my own and the mode restricts all other access. When I perform a second delivery to a different mailbox under that domain, one mapped to a different UID, the delivery fails because that user cannot access the parent folder in order to create the new maildir.
On 17/06/2011 18:16, e-frog wrote:
> On 17.06.2011 18:35, Dominic Marks wrote:
> Hi Dominic,
> > Initially, /var/dovecot consists of acl, index and mail, all empty. The permissions on these are:
> > ls -l
> > total 6
> > drwxrwxr-x  2 hmgp  hmgp  512 17 Jun 12:23 acl
> > drwxrwxr-x  3 hmgp  hmgp  512 17 Jun 15:56 index
> > drwxrwxr-x  3 hmgp  hmgp  512 17 Jun 15:56 mail
> > If I perform a mail delivery to my mailbox, the mailbox parent directory is created with the following permissions:
> > ls -l
> > total 2
> > drwx------  3 dm  hmgp  512 17 Jun 15:56 insidetrading.co.uk
> Blind guess: You are delivering the mail via postfix local and not via dovecot-lda or lmtp?
Hi e-frog,
Nope.
From my main.cf:
virtual_transport = lmtp:unix:private/dovecot-lmtp
From my maillog:
Jun 17 18:37:06 comms dovecot: lmtp(75348): Connect from local
Jun 17 18:37:06 comms dovecot: lmtp(75348, dm@insidetrading.co.uk): 8en+HVtz+01UJgEA+ZD7hg: msgid=20110617183706.04E3C3B618@mail.helenmarks.co.uk: saved mail to INBOX
Jun 17 18:37:06 comms postfix/lmtp[78285]: 04E3C3B618: to=dm@insidetrading.co.uk, relay=mail.helenmarks.co.uk[private/dovecot-lmtp], delay=0.1, delays=0.05/0.04/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 dm@insidetrading.co.uk 8en+HVtz+01UJgEA+ZD7hg Saved)
Jun 17 18:37:06 comms dovecot: lmtp(75348): Disconnect from local: Client quit
Jun 17 18:37:06 comms postfix/qmgr[99310]: 04E3C3B618: removed
In fact, during my tests I invoked the lmtp binary under gdb so I could inspect its behaviour, but prior to that I'd been relaying through lmtp.
Thanks, Dominic
On Fri, 2011-06-17 at 17:35 +0100, Dominic Marks wrote:
> My issue is with the automatic creation of parent directories above new maildirs. It seems to be that they're being set with incorrect (or unhelpful) permissions, applying the permissions of the mailbox down the path towards the mailbox root, as opposed to taking the permissions of the mailbox root up towards the mailbox.
> Our mail is stored under the scheme:
> location = maildir:/var/dovecot/mail/%d/%n:INDEX=/var/dovecot/index/%d/%n
See if chmod g+s /var/dovecot/mail solves your troubles. The same for index dir.
On Tue, 2011-06-28 at 04:07 +0300, Timo Sirainen wrote:
> On Fri, 2011-06-17 at 17:35 +0100, Dominic Marks wrote:
> > My issue is with the automatic creation of parent directories above new maildirs. It seems to be that they're being set with incorrect (or unhelpful) permissions, applying the permissions of the mailbox down the path towards the mailbox root, as opposed to taking the permissions of the mailbox root up towards the mailbox.
> > Our mail is stored under the scheme:
> > location = maildir:/var/dovecot/mail/%d/%n:INDEX=/var/dovecot/index/%d/%n
> See if chmod g+s /var/dovecot/mail solves your troubles. The same for index dir.
I added an explanation to http://wiki2.dovecot.org/SharedMailboxes/Permissions#Permissions_to_new_user...
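The group-inheritance fix suggested above (a setgid mail root so that directories created beneath it by different UIDs keep the shared group), as an added shell example that is not part of the thread. It assumes only POSIX tools (ls, cut, awk, mktemp) and audits a constructed temporary tree rather than /var/dovecot/mail.

```shell
#!/bin/sh
# Added example (not from the thread): check the parent-directory
# fix Timo suggests. A setgid (g+s) mail root makes new
# subdirectories inherit its group, so deliveries running as
# different UIDs in one group can still traverse and create
# mailboxes beneath it. Paths here are constructed, not
# /var/dovecot/mail.

# Print "mode group" for a path, e.g. "drwxrwsr-x hmgp".
mode_and_group() {
    ls -ld "$1" | awk '{ print $1, $4 }'
}

# 0 if the setgid bit is set (7th char of the mode string is s or S).
has_setgid() {
    case "$(ls -ld "$1" | cut -c7)" in
        s|S) return 0 ;;
        *)   return 1 ;;
    esac
}

# 0 if the directory is group-writable (6th char of the mode is w).
group_writable() {
    [ "$(ls -ld "$1" | cut -c6)" = "w" ]
}

# Audit a mail root the way the advice implies: group-writable
# and setgid. Returns 0 only when both hold.
audit_mail_root() {
    dir=$1
    if ! group_writable "$dir"; then
        echo "$dir: not group-writable (chmod g+w)"; return 1
    fi
    if ! has_setgid "$dir"; then
        echo "$dir: missing setgid bit (chmod g+s)"; return 1
    fi
    echo "$dir: ok ($(mode_and_group "$dir"))"
}

# Constructed temporary tree: mkdir under a setgid root yields a
# setgid child that carries the root's group (like the %d domain dir).
demo_setgid_inheritance() {
    root=$(mktemp -d)
    chmod 2775 "$root"                      # drwxrwsr-x
    mkdir "$root/example.test"
    child=$(ls -ld "$root/example.test" | cut -c7)
    rm -rf "$root"
    [ "$child" = "s" ] || [ "$child" = "S" ]
}
```

Run audit_mail_root against each location root (mail and index) after applying chmod g+s; a missing bit or missing group-write is reported with the chmod needed.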