Re: Permissions of /var/mail/$USER
On Oct 11, 2009, at 8:49 AM, Nicolas François wrote:
> When a user is created, useradd creates a /var/mail/$USER mailbox
> the mode 0660 (owned by $USER:mail).
> I heard this causes some issues for dovecot, and a solution could
> move to mode 0600.
> IIRC, it was a problem for the support of shared mailboxes.
> Index files are created whose permissions mimic the mailbox'
> The 'mail' group ownership would require dovecot to be in the mail
> I assume that this could be solved internally by dovecot, but it
> easier (and safer) to move to a 0600 policy.

Correct. There's no reason for mailboxes to be 0660 in most systems,
they'll only make it easier to exploit some security hole to read
everyone's mail. So although Dovecot could work around this issue,
I've always just instructed people to do chmod 0600 /var/mail/* as a
way to solve it.
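
An audit-then-fix form of the `chmod 0600 /var/mail/*` advice above, as an added example that is not part of the original message. The function names are hypothetical and a flat spool directory of mbox files is assumed; symlinks are skipped because chmod would change the link's target rather than the link.

```shell
#!/bin/sh
# Added example: report and tighten mailboxes that grant group/other access.
# Usage (after sourcing this file):
#   audit_spool /var/mail      # list offending mailboxes
#   tighten_spool /var/mail    # chmod them to 0600

# True when the file at $1 has any group or other permission bit set.
# "-perm -NNN" is POSIX find syntax: all bits in NNN must be set.
has_group_or_other_bits() {
    find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print | grep -q .
}

# Print every regular mailbox directly under $1 that is looser than 0600.
audit_spool() {
    dir=$1
    for f in "$dir"/*; do
        # Only real files: skip symlinks, directories, and an unmatched glob.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        if has_group_or_other_bits "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Apply the 0600 policy to exactly the files the audit reported.
tighten_spool() {
    audit_spool "$1" | while IFS= read -r f; do
        chmod 0600 "$f" && printf 'fixed %s\n' "$f"
    done
}
```

Running the audit first shows which mailboxes would change before any mode is touched.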