Re: Permissions of /var/mail/$USER
On Sun, Oct 11, 2009 at 12:45:20PM +0200, Bjørn Mork wrote:
> Nicolas François <email@example.com> writes:
> > When a user is created, useradd creates a /var/mail/$USER mailbox with
> > the mode 0660 (owned by $USER:mail).
> > I heard this causes some issues for dovecot, and a solution could be to
> > move to mode 0600.
> Where did you hear this?
It was a request on IRC.
> Exactly what did you hear?
IIRC, it was a problem for the support of shared mailboxes.
Index files are created whose permissions mimic the mailbox's permissions.
The 'mail' group ownership would require dovecot to be in the mail group.
I assume that this could be solved internally by dovecot, but it would be
easier (and safer) to move to a 0600 policy.
> Is this documented in a bug report?
> Maybe some reference(s) to the bug report(s) would make it easier for
> the rest of us to understand the issues?
> > Here is an extract from the Debian policy:
> > Mailboxes are generally either mode 600 and owned by <user> or mode
> > 660 and owned by `<user>:mail'. The local system administrator may
> > choose a different permission scheme; packages should not make
> > assumptions about the permission and ownership of mailboxes unless
> > required (such as when creating a new mailbox).
> Anyway, doesn't this make any dovecot issue a policy violation? Or am I
> misunderstanding the "packages should not make assumptions about the
> permission and ownership of mailboxes" part?
It would be a violation of a "should".
This "should" is also followed by "unless required", which is vague enough
to include any technical reason dovecot may have.
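
Added example (not part of the original message, and not code from useradd or dovecot): a shell check that classifies each mailbox in a spool against the two schemes in the policy extract quoted above, so an administrator can see which files are 0660 with the mail group and would change under a move to 0600. The function names, the output labels and the default group name "mail" are assumptions of this example; it relies on GNU stat.

```shell
#!/bin/sh
# check_mailbox PATH [MAILGROUP]
# Prints ok-0600, ok-0660 or deviates; returns 0 only for the two policy schemes.
check_mailbox() {
    path=$1
    mailgroup=${2:-mail}            # assumption: spool group is "mail"
    user=$(basename "$path")        # /var/mail/$USER: file name is the login
    # GNU stat: %a = octal mode, %U = owner name, %G = group name
    info=$(stat -c '%a %U %G' "$path" 2>/dev/null) || return 2
    set -- $info
    mode=$1 owner=$2 group=$3
    if [ "$owner" != "$user" ]; then
        echo "deviates"; return 1   # mailbox not owned by the user it is named after
    fi
    case $mode in
        600) echo "ok-0600" ;;      # private to the owner
        660) if [ "$group" = "$mailgroup" ]; then
                 echo "ok-0660"     # group-writable by the mail group
             else
                 echo "deviates"; return 1
             fi ;;
        *)   echo "deviates"; return 1 ;;   # any other mode, incl. setuid/setgid bits
    esac
}

# audit_spool [SPOOLDIR] [MAILGROUP]
# One "result<TAB>path" line per regular file; returns 1 if anything deviates.
audit_spool() {
    spool=${1:-/var/mail}
    rc=0
    for f in "$spool"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue   # skip symlinks and non-files
        result=$(check_mailbox "$f" "${2:-mail}") || rc=1
        printf '%s\t%s\n' "${result:-unreadable}" "$f"
    done
    return $rc
}
```

Run `audit_spool /var/mail` to list every mailbox with its classification; lines marked ok-0660 are the ones a 0600 policy would change.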