[Dovecot] Problem with created ~/mail directory

Chris Adams cmadams at hiwaay.net
Fri Feb 5 19:20:59 EET 2010

If a user doesn't have a ~/mail directory and logs in, the directory is
created for them.  However, it is created with insecure permissions,
0770 (full group access).

The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:

   #define CREATE_MODE 0770 /* umask() should limit it more */

The code then uses CREATE_MODE as an argument to mkdir_parents(), but
mkdir_parents() overrides the umask setting and forces the requested
permissions.  There's no way to override this except to change the
source code.

It looks like the same thing is in dbox-storage.c and cydir-storage.c.

This is with Dovecot 1.2.10.
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the dovecot mailing list