Once upon a time, Timo Sirainen <tss@iki.fi> said:

On Fri, 2010-02-05 at 11:20 -0600, Chris Adams wrote:

...

If a user doesn't have a ~/mail directory and logs in, the directory is created for them. However, it is created with insecure permissions, 0770 (full group access).

The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:

#define CREATE_MODE 0770 /* umask() should limit it more */

Fixed: http://hg.dovecot.org/dovecot-1.2/rev/99caf87fb3ce

Also v2.0 handles this by copying the parent directory's permissions.

I'm not sure that copying the parent directory's permissions is the correct thing in all cases. Children of the home directory (e.g. ~/mail, ~/sieve) may need to be handled as a special case.

For example, I have a server that handles mail, web, and shell accounts for a number of users. Since it handles web for the users, they have ~/public_html, and their home directory has to have at least world-execute for ~/public_html to be visible. However, that doesn't mean that ~/mail should also have world-execute.

I can create ~/mail and ~/sieve with 0700 perms, but some users (which do dumb things all the time) will at some point delete one or both of those directories. Then the next time Dovecot needs one, it would copy home directory perms, which are at a minimum 0701.

-- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.

Once upon a time, Timo Sirainen <tss@iki.fi> said:

On Sun, 2010-02-07 at 12:02 -0600, Chris Adams wrote:

...

...

Also v2.0 handles this by copying the parent directory's permissions.

Oh, actually I lied. When creating mailbox directories, it copies the permissions from mail root directory. But if the mail root doesn't exist, it's created with 0700.

That sounds good to me. Thanks!

Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.