[Dovecot] Feature request for maildir style boxes

Timo Sirainen tss at iki.fi
Wed Oct 6 03:17:55 EEST 2010


On 6.10.2010, at 0.56, David Ford wrote:

> what is the purpose in dovecot assuming that it should set a gid other
> than the userid:gid it's operating under?

Shared mailboxes.

> security minded folks make explicit permissions on directories to
> prevent software from errantly setting loose ownership which might lead
> to unintended information leakage or unauthorized access by other
> software.  the directory is not setgid, programs should not attempt to
> give away ownership unless directed to.

Maybe it should have been done only with g+s mode set. I may have had a reason for why I didn't do it that way, or maybe not. Changing it now would anyway break existing installations, so that doesn't seem like a great idea either.



More information about the dovecot mailing list