[Dovecot] Problem with created ~/mail directory
If a user doesn't have a ~/mail directory and logs in, the directory is created for them. However, it is created with insecure permissions, 0770 (full group access).
The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:
#define CREATE_MODE 0770 /* umask() should limit it more */
The code then uses CREATE_MODE as an argument to mkdir_parents(), but mkdir_parents() overrides the umask setting and forces the requested permissions. There's no way to override this except to change the source code.
It looks like the same thing is in dbox-storage.c and cydir-storage.c.
This is with Dovecot 1.2.10.
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
On Fri, 2010-02-05 at 11:20 -0600, Chris Adams wrote:
> If a user doesn't have a ~/mail directory and logs in, the directory is created for them. However, it is created with insecure permissions, 0770 (full group access).
> The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:
> #define CREATE_MODE 0770 /* umask() should limit it more */
Fixed: http://hg.dovecot.org/dovecot-1.2/rev/99caf87fb3ce
Also v2.0 handles this by copying the parent directory's permissions.
Once upon a time, Timo Sirainen <tss@iki.fi> said:
> On Fri, 2010-02-05 at 11:20 -0600, Chris Adams wrote:
> > If a user doesn't have a ~/mail directory and logs in, the directory is created for them. However, it is created with insecure permissions, 0770 (full group access).
> > The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:
> > #define CREATE_MODE 0770 /* umask() should limit it more */
> Fixed: http://hg.dovecot.org/dovecot-1.2/rev/99caf87fb3ce
> Also v2.0 handles this by copying the parent directory's permissions.
I'm not sure that copying the parent directory's permissions is the correct thing in all cases. Children of the home directory (e.g. ~/mail, ~/sieve) may need to be handled as a special case.
For example, I have a server that handles mail, web, and shell accounts for a number of users. Since it handles web for the users, they have ~/public_html, and their home directory has to have at least world-execute for ~/public_html to be visible. However, that doesn't mean that ~/mail should also have world-execute.
I can create ~/mail and ~/sieve with 0700 perms, but some users (which do dumb things all the time) will at some point delete one or both of those directories. Then the next time Dovecot needs one, it would copy home directory perms, which are at a minimum 0701.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
On Sun, 2010-02-07 at 12:02 -0600, Chris Adams wrote:
> Also v2.0 handles this by copying the parent directory's permissions.
Oh, actually I lied. When creating mailbox directories, it copies the permissions from mail root directory. But if the mail root doesn't exist, it's created with 0700. I suppose the same should be done to sieve dir too.. Wonder if someone actually would want the permissions to be preserved.
Once upon a time, Timo Sirainen <tss@iki.fi> said:
> On Sun, 2010-02-07 at 12:02 -0600, Chris Adams wrote:
> > Also v2.0 handles this by copying the parent directory's permissions.
> Oh, actually I lied. When creating mailbox directories, it copies the permissions from mail root directory. But if the mail root doesn't exist, it's created with 0700.
That sounds good to me. Thanks!
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
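The permission outcomes discussed in this thread, as an added example that is not part of the original messages and is not Dovecot's code: it creates a "mail" directory inside a constructed temporary home directory under four policies (mode forced after mkdir, umask only, parent's mode copied, fixed 0700) and returns the resulting permission bits. The function name `created_mode`, the `policy` enum and the `/tmp/home-demo-XXXXXX` path are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum policy { FORCE_REQUESTED, UMASK_ONLY, COPY_PARENT, PRIVATE_0700 };

/* Create <home>/mail under the given policy inside a constructed temporary
 * "home" directory; return the resulting permission bits, or -1 on error. */
int created_mode(mode_t home_mode, mode_t mask, mode_t requested, enum policy p)
{
    char home[] = "/tmp/home-demo-XXXXXX", path[64];
    struct stat st;
    mode_t want = requested, old_mask;
    int result = -1;

    if (mkdtemp(home) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/mail", home);
    if (chmod(home, home_mode) < 0 || stat(home, &st) < 0)
        goto out;
    if (p == COPY_PARENT)
        want = st.st_mode & 0777;   /* e.g. 0701 when ~/public_html is served */
    else if (p == PRIVATE_0700)
        want = 0700;

    old_mask = umask(mask);
    if (mkdir(path, want) == 0) {                 /* kernel stores want & ~umask */
        if (p == UMASK_ONLY || chmod(path, want) == 0) { /* chmod() ignores umask */
            if (stat(path, &st) == 0)
                result = (int)(st.st_mode & 0777);
        }
        rmdir(path);
    }
    umask(old_mask);
out:
    rmdir(home);
    return result;
}

int main(void)
{
    printf("forced 0770, umask 077:  %04o\n", created_mode(0701, 077, 0770, FORCE_REQUESTED));
    printf("umask only,  umask 077:  %04o\n", created_mode(0701, 077, 0770, UMASK_ONLY));
    printf("copy parent (home 0701): %04o\n", created_mode(0701, 077, 0770, COPY_PARENT));
    printf("fixed 0700:              %04o\n", created_mode(0701, 077, 0770, PRIVATE_0700));
    return 0;
}
```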
participants (2): Chris Adams, Timo Sirainen