(Sorry about messing up threading, but I'm not subscribed and wasn't Cc'd)

> > IIRC, it was a problem for the support of shared mailboxes.
> > Index files are created whose permissions mimic the mailbox' permissions.
> > The 'mail' group ownership would require dovecot to be in the mail group.
>
> Why?
>
> For Dovecot to access files mode 0600 owned by various users it must run as
> root (at least initially), in that case it can access all files.
>
> The only reason why mode 0660 would be a problem is if Dovecot changes to the
> GID and UID of the user before such access and can't be configured to use the
> GID of mail instead. This seems to be a bug (or at least a missing feature)
> in Dovecot.

Dovecot can be configured to use the mail group, but doing so just adds more
risks. I could also change the code so that it doesn't try to preserve the
group for /var/mail/* files, but that could prevent some real cases when it's
wanted to be done.

> Also as an aside I think it's a bad idea for a program like Dovecot to create
> index files in /var/mail. I believe it should be in /var/lib/dovecot or
> similar. /var/mail is used by many programs and I believe that it should not
> have any files other than the mboxes.

The index files aren't created in /var/mail. The only issue is that it tries to
change the created index files' group to mail, which fails and then it logs an
error. It actually still continues, so the only issue is those periodic error
messages.
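The behaviour discussed in this thread (an index file created to mimic the mailbox's mode and group, with the group change failing when the process is not in that group) can be sketched as follows. This is an added example, not Dovecot's code and not part of the original message: `create_index_like`, `fchown_fn` and `deny_fchown` are hypothetical names, and dropping the group permission bits when the group cannot be preserved is a choice made for this example, not something the thread says Dovecot does.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical hook: lets the EPERM path run without a real "mail" group. */
typedef int (*fchown_fn)(int fd, uid_t uid, gid_t gid);

/* Stand-in for fchown() in a process that is not a member of the group. */
int deny_fchown(int fd, uid_t uid, gid_t gid)
{
    (void)fd; (void)uid; (void)gid;
    errno = EPERM;
    return -1;
}

/* Create index_path with the mailbox's mode and, if permitted, its group.
 * Returns 0 if the group was preserved, 1 if it was not (the group bits are
 * then dropped so mode 0660 does not open the file to another group),
 * and -1 on any other error. */
int create_index_like(const char *mbox_path, const char *index_path,
                      fchown_fn do_fchown)
{
    struct stat st;
    if (stat(mbox_path, &st) < 0)
        return -1;
    int fd = open(index_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    mode_t mode = st.st_mode & 0666;   /* mimic the mailbox permissions */
    int ret = 0;
    if (do_fchown(fd, (uid_t)-1, st.st_gid) < 0) {
        if (errno != EPERM)
            goto fail;
        fprintf(stderr, "%s: cannot preserve group %ld\n",
                index_path, (long)st.st_gid);
        mode &= ~(mode_t)0060;         /* group unknown: owner-only access */
        ret = 1;
    }
    if (fchmod(fd, mode) < 0)
        goto fail;
    close(fd);
    return ret;
fail:
    close(fd);
    unlink(index_path);
    return -1;
}
```

Pass the real `fchown` as the third argument in normal use; `deny_fchown` only simulates the case where the process lacks membership of the mailbox's group.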