[Dovecot] permissions for dbox attachment directory
I am running dovecot 2.0.13 on CentOS5, set up with only local system users, and single instance store set up in a single directory.
e.g. mail_attachment_dir = /var/mail/attachments
I get errors when importing mail to IMAP because the attachment directories are owned by the respective mail account user(s) and so cannot be accessed or written to by other users.
Is there some user id setting I need to change, or do I have to run dovecot with virtual users under a single system account?
Thanks!
Please post the exact error message, and the output of dovecot -n
This way it is much easier for people to help you, and it takes less guessing what is going on.
Gr Johan Hendriks Double L Automatisering
Sorry, here's the full details.
Maillog says
Jun 25 19:10:55 test1 dovecot: imap(tu2): Error: stat(/var/mail/attachments/04/f6/.temp.test1.vmlan.local.1522.2cde9668dcad3fd5) failed: Permission denied
Jun 25 19:10:55 test1 dovecot: imap(tu2): Error: safe_mkstemp(/var/mail/attachments/04/f6/.temp.test1.vmlan.local.1522.) failed: Permission denied
This is when attempting to export the same mail to two accounts. As the first user "tu1" gets to own the attachment dirs, the second user "tu2" is denied permission.
Eg: drwx------ 3 tu1 tu1 4096 Jun 25 19:10 f6
# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-238.9.1.el5 x86_64 CentOS release 5.6 (Final)
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
disable_plaintext_auth = no
mail_attachment_dir = /var/mail/attachments
mail_attachment_min_size = 1 k
mail_location = sdbox:~/dbox
mbox_write_locks = fcntl
passdb {
  driver = pam
}
ssl_cert =
On Sat, 2011-06-25 at 03:58 -0400, imap@tnde.org wrote:
> I am running dovecot 2.0.13 on CentOS5, set up with only local system users, and single instance store set up in a single directory.
> e.g. mail_attachment_dir = /var/mail/attachments
Currently you can't. I was a bit lazy in implementing this code not to preserve permissions. The idea would be anyway that you could make /var/mail/attachments 02770 and e.g. group=mail. Then set mail_access_groups=mail to Dovecot. Now the code should have created new directories under that with the same permissions and the files as 0660, but looks like it doesn't. The code is in src/lib-fs/fs-posix.c if you want to fix it yourself. You could as a workaround simply change all 0600 -> 0660 and 0700 -> 0770 and I guess it would work.
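The behaviour described in the message above (new directories created with the parent's permissions, new files as 0660), as an added example: this is not code from Dovecot's src/lib-fs/fs-posix.c or from this thread, and the helper names `mkdir_like_parent`, `create_like_parent`, `mode_of` and the /tmp demo path are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits (including setuid/setgid/sticky) of path, or -1 on error. */
int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) < 0 ? -1 : (int)(st.st_mode & 07777);
}

/* Hypothetical helper: mkdir with the parent's rwx + setgid bits, whatever the umask. */
int mkdir_like_parent(const char *parent, const char *path)
{
    int pmode = mode_of(parent);
    if (pmode < 0 || mkdir(path, 0700) < 0)
        return -1;
    /* mkdir() honours the umask and treats S_ISGID implementation-defined: set it explicitly. */
    return chmod(path, (mode_t)pmode & (S_ISGID | 0777));
}

/* Hypothetical helper: new file gets the directory's rw bits only (02770 -> 0660). */
int create_like_parent(const char *dir, const char *path)
{
    int dmode = mode_of(dir);
    int fd = dmode < 0 ? -1 : open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (fchmod(fd, (mode_t)dmode & 0666) < 0) {
        close(fd); unlink(path);
        return -1;
    }
    return fd; /* caller closes */
}

int main(void)
{
    char root[] = "/tmp/attach-demo-XXXXXX", sub[64]; /* constructed demo paths */
    umask(077); /* restrictive umask, the case that yields 0700/0600 otherwise */
    if (!mkdtemp(root) || chmod(root, 02770) < 0)
        return 1;
    snprintf(sub, sizeof sub, "%s/04", root);
    int rc = mkdir_like_parent(root, sub);
    printf("%s: %o\n", sub, (unsigned)mode_of(sub));
    rmdir(sub); rmdir(root);
    return rc < 0;
}
```

With 02770/0660 and a shared group, every account whose mail processes run with that group can read and modify every stored attachment.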
Ok, if I understand you correctly, I would need to chmod to 660/770, but it would only work on existing folders, and every new item will be created as 600/700?
I guess the best way is setting up virtual users, presumably these work under a single system account? (for the time being this is running on a test server, using the simplest setup with system users)
Thanks for your help!
On Tue, 2011-06-28 at 10:08 -0400, imap@tnde.org wrote:
> Ok, if I understand you correctly, I would need to chmod to 660/770, but it would only work on existing folders, and every new item will be created as 600/700?
Yes, that's why I suggested modifying the source code so new items would be created with correct mode too.
> I guess the best way is setting up virtual users, presumably these work under a single system account? (for the time being this is running on a test server, using the simplest setup with system users)
Yeah, that's the easiest solution.
participants (3)
- imap@tnde.org
- Johan Hendriks
- Timo Sirainen