[Dovecot] deliver and cloning file permissions

Timo Sirainen tss at iki.fi
Sun Feb 14 21:29:43 EET 2010


On Sat, 2010-02-13 at 14:57 +0100, Alexander 'Leo' Bergolth wrote:
> Feb 13 00:21:19 leo-x61 dovecot: deliver(leo):
> fchown(/home/leo/mail/.imap/INBOX/dovecot.index.log.newlock, -1,
> 12(mail)) failed: Operation not permitted (egid=100(users), group based
> on /var/mail/leo)
> 
> I know that dovecot tries to clone the mailbox permissions in order to
> support shared folders but it would be nice if there was an option to
> disable this (or to just try it and ignore the fchown error).
> 
> I could manually change group ownership of all mailboxes from mail to
> each user's primary group or set the mailbox-modes to 0600 

Right. That's also the safest solution, the mail files shouldn't be
group-rw anyway.

> but I'd also
> have to do that for every new user.
> (Tools to create users like useradd from shadow-utils use hardcoded file
> modes and group ownership.)

Yes, that's unfortunate. I was trying to get shadow-utils upstream to
change the default to 0600, but I'm not sure what happened. I guess
everyone just forgot about it. Maybe report this as a bug to your
distribution?

You could also of course create a script like useradd2 or something,
that fixes the permission afterwards.

No other solutions for this really. The correct solution is to keep the
file modes 0600, the other tools just need to be fixed to do that.
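
The wrapper idea from the reply above, written out as an added example (not part of the original message, and not Dovecot or shadow-utils code). The names `fix_spool_modes` and `useradd2` and the `MAIL_SPOOL` variable are assumptions; `/var/mail` is the spool path from the quoted log line.

```shell
#!/bin/sh
# Added example: audit and tighten mbox spool files to mode 0600.
#
# fix_spool_modes DIR [-n]
#   Prints every regular file directly inside DIR whose mode is not exactly
#   0600 and, unless -n (dry run) is given, changes it to 0600.
fix_spool_modes() {
    dir=$1
    dry_run=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # -type f skips symlinks and subdirectories, so only real spool files
    # are touched. "! -perm 600" matches e.g. the 0660 set at user creation.
    if [ "$dry_run" = "-n" ]; then
        find "$dir" -maxdepth 1 -type f ! -perm 600 -print
    else
        find "$dir" -maxdepth 1 -type f ! -perm 600 -exec chmod 600 {} \; -print
    fi
}

# Wrapper in the spirit of the "useradd2" suggestion: create the account
# with the stock tool, then correct the spool file it just created.
# MAIL_SPOOL is an assumed override for sites that do not use /var/mail.
useradd2() {
    useradd "$@" || return
    fix_spool_modes "${MAIL_SPOOL:-/var/mail}"
}
```

Running `fix_spool_modes /var/mail -n` first lists the existing spool files that would be changed without modifying anything.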