[Dovecot] moving mail from private inbox to public folder kills the latter

Tamas Kadar tamas.kadar at espell.com
Wed Aug 11 19:54:44 EEST 2010


On 8/11/2010 6:52 PM, Jerrale G wrote:
> On 8/11/2010 12:49 PM, Tamas Kadar wrote:
>> On 8/11/2010 6:45 PM, Jerrale G wrote:
>>> On 8/11/2010 12:02 PM, Tamas Kadar wrote:
>>>> Also, it's weird that the mail we have since we migrated to dovecot is
>>>> either 700 or 755, most user's mailboxes are 777, so it shouldn't be
>>>> 700...
>>>>
>>>> (Yeah, I know, not very secure, however no user has shell access, only
>>>> by mail)
>>>>
>>>> Best regrds
>>>> Tamas
>>>>
>>>> On 8/11/2010 5:52 PM, Tamas Kadar wrote:
>>>>> Hi
>>>>>
>>>>> I've ran into something rather nasty: if a user moves a mail from its
>>>>> inbox to a public folder, the folder becomes inaccessible for others,
>>>>> because the moved file will have the the permission 600 instead of 777
>>>>> (or 666) which the rest of the emails have in the folder.
>>>>>
>>>>> How can I change this behavior so when he moves the mail it
>>>>> automatically becomes world-readable? Also why one mail kills the
>>>>> whole
>>>>> folder?
>>>>>
>>>>> Here's the error I get:
>>>>> Error:
>>>>> open(/home/_shared/projects/.Long.Folder/cur/1281535484.M3B5A7P15183Q0.mail_espell_com:2,Sb)
>>>>>
>>>>>
>>>>> failed: Permission denied (euid=1000(ktamas) egid=1000(ktamas) missing
>>>>> +r perm:
>>>>> /home/_shared/projects/.Long.Folder/cur/1281535484.M3B5A7P15183Q0.mail_espell_com:2,Sb,
>>>>>
>>>>>
>>>>> euid is not dir owner)
>>>>>
>>>>> Thanks and best regards
>>>>> Tamas
>>>>
>>> make sure you have the namespaces specified for the public folders so
>>> that the correct permissions will be set.
>>>
>>> http://wiki.dovecot.org/Namespaces
>>>
>>> J. G.
>>>
>>> J. G.
>>>
>>
>> I think I set it right, here are my namespaces:
>>
>> # User's mailbox
>> namespace {
>> inbox = yes
>> location =
>> prefix =
>> separator = .
>> type = private
>> }
>>
>> # The public namespace
>> namespace {
>> location = maildir:/home/_shared/projects:INDEX=~/Maildir/_shared
>> prefix = shared.
>> separator = .
>> subscriptions = no
>> type = public
>> }
> That is fine as long as you don't have a mysql query, berkeley, or
> passwd file looking up the user's homedir, password, and such as well.
> If you do, take out the namespace for private as this will defined
> another way.
>
> J. G.

Users are authenticated through PAM. No SQL or BerkeleyDB involved. Do 
you mean that I should disable the private namespace and only define the 
public?

Tamas


More information about the dovecot mailing list