
Re: Permissions of /var/mail/$USER


On Sun, Oct 11, 2009 at 12:45:20PM +0200, Bjørn Mork wrote:
> Nicolas François <nicolas.francois@centraliens.net> writes:
> > When a user is created, useradd creates a /var/mail/$USER mailbox with
> > the mode 0660 (owned by $USER:mail).
> >
> > I heard this causes some issues for dovecot, and a solution could be to
> > move to mode 0600.
> Where did you hear this?

It was a request on IRC.

> Exactly what did you hear?

IIRC, it was a problem for the support of shared mailboxes.
Index files are created whose permissions mimic the mailbox's permissions.
The 'mail' group ownership would require dovecot to be in the mail group.

I assume that this could be solved internally by dovecot, but it would be
easier (and safer) to move to a 0600 policy.

> Is this documented in a bug report?
> Maybe some reference(s) to the bug report(s) would make it easier for
> the rest of us to understand the issues? 
> > Here is an extract from the Debian policy:
> >
> >      Mailboxes are generally either mode 600 and owned by <user> or mode
> >      660 and owned by `<user>:mail'[3].  The local system administrator may
> >      choose a different permission scheme; packages should not make
> >      assumptions about the permission and ownership of mailboxes unless
> >      required (such as when creating a new mailbox). 
> Anyway, doesn't this make any dovecot issue a policy violation?  Or am I
> misunderstanding the "packages should not make assumptions about the
> permission and ownership of mailboxes" part?

It would be a violation of a "should".
This "should" is also followed by "unless required", which is vague enough
to include any technical reason dovecot may have.

Best Regards,
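As an added illustration (this is not code from the thread, from shadow/useradd, from dovecot or from Debian), here is a small POSIX shell audit of a mail spool against the two schemes the quoted policy extract allows: mode 0600 owned by <user>, or mode 0660 owned by <user>:mail. It assumes the /var/mail/$USER convention (the file's basename is the owning user) and a `stat` that accepts `-c` (GNU coreutils or busybox); both assumptions are marked in the code. The 0660 branch is exactly the case the thread is about: a mailbox in that scheme is only usable by a reader that is a member of the mail group.

```shell
#!/bin/sh
# Added example, not from the original thread: audit a spool directory
# against the two mailbox permission schemes the Debian policy extract
# names.  Assumes GNU/busybox `stat -c` and the /var/mail/$USER layout.

# mailbox_perms_ok USER OWNER GROUP MODE
# Pure check on already-collected attributes, so it can be exercised
# without root.  Returns 0 if the mailbox matches an allowed scheme.
mailbox_perms_ok() {
    user=$1 owner=$2 group=$3 mode=$4
    # The mailbox must belong to the user whose name it carries.
    [ "$owner" = "$user" ] || return 1
    case "$mode" in
        600|0600)
            # Private mailbox: only the owner can read or write it.
            return 0 ;;
        660|0660)
            # Shared with the mail group only; any other group-writable
            # mailbox is a misconfiguration.  A reader such as dovecot
            # needs to be in the mail group to open this one.
            [ "$group" = "mail" ] && return 0 ;;
    esac
    # Everything else (world-readable, wrong group, setgid, ...) fails.
    return 1
}

# audit_mail_spool DIR
# Walk DIR (default /var/mail), treat each file's basename as the owning
# user, and print one line per violating mailbox.  Returns 0 when the
# spool is clean and 1 when at least one mailbox violates the policy.
audit_mail_spool() {
    spool=${1:-/var/mail}
    bad=0
    for mbox in "$spool"/*; do
        [ -f "$mbox" ] || continue
        user=${mbox##*/}
        # stat -c is a GNU/busybox extension (assumption).
        set -- $(stat -c '%U %G %a' "$mbox")
        if ! mailbox_perms_ok "$user" "$1" "$2" "$3"; then
            printf 'BAD  %s  owner=%s group=%s mode=%s\n' "$mbox" "$1" "$2" "$3"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Run the audit when a spool directory is given on the command line,
# e.g.  sh audit_mail.sh /var/mail
[ $# -gt 0 ] && audit_mail_spool "$1"
```

Run it as root against the real spool, since unprivileged users cannot normally list other users' mailboxes; the check itself does not need root, which is why the attribute check is separated from the directory walk.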
