[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions of /var/mail/$USER

On Oct 11, 2009, at 8:49 AM, Nicolas François wrote:

When an user is created, useradd creates a /var/mail/$USER mailbox with
the mode 0660 (owned by $USER:mail).

I heard this causes some issues for dovecot, and a solution could be to
move to mode 0600.
IIRC, it was a problem for the support of shared mailboxes.
Index files are created whose permissions mimic the mailbox' permissions. The 'mail' group ownership would require dovecot to be in the mail group.

I assume that this could be solved internally by dovecot, but it would be
easier (and safer) to move to a 0600 policy.

Correct. There's no reason for mailboxes to be 0660 in most systems, they'll only make it easier to exploit some security hole read everyone's mail. So although Dovecot could work around this issue, I've always just instructed people to do chmod 0600 /var/mail/* as a way to solve it.
Reply to: