Re: Permissions of /var/mail/$USER
Russell Coker <russell <at> coker.com.au> writes:
>
> On Sunday 11 October 2009 23:49:22 Nicolas François wrote:
> > IIRC, it was a problem for the support of shared mailboxes.
> > Index files are created whose permissions mimic the mailbox's permissions.
> > The 'mail' group ownership would require dovecot to be in the mail group.
>
> Why?
>
> For Dovecot to access files mode 0600 owned by various users it must run as
> root (at least initially), in that case it can access all files.
>
> The only reason why mode 0660 would be a problem is if Dovecot changes to the
> GID and UID of the user before such access and can't be configured to use the
> GID of mail instead. This seems to be a bug (or at least a missing feature)
> in Dovecot.
>
> I'm all in favor of making access control more strict, so I support mode 0600
> mail files.
>
> But what you are saying about Dovecot is not a valid reason IMHO.
>
> Also as an aside I think it's a bad idea for a program like Dovecot to create
> index files in /var/mail. I believe it should be in /var/lib/dovecot or
> similar. /var/mail is used by many programs and I believe that it should not
> have any files other than the mboxes.
If you are using mboxes, the index files will be in /var/mail/.imap/ by
default. For maildirs, ~/Maildir/.imap.

I think these are reasonable defaults for the package, but if it is needed you
can change the location via the mail_location setting in
/etc/dovecot/dovecot.conf (see
/usr/share/doc/dovecotcommon/wiki/MailLocation.txt.gz for details).
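As an added example (not part of this thread, and not Dovecot or Debian code), the following shell script audits a mail spool directory against the two points argued above: every mailbox should be mode 0600, and nothing other than the mboxes should live in the spool (so a Dovecot .imap index directory there is flagged). It assumes GNU stat for the octal mode output, and the sample spool it builds under mktemp is constructed data, not a real system.

```sh
#!/bin/sh
# Added example: audit a mail spool (e.g. /var/mail) for mailbox files that are
# broader than mode 0600 and for entries that are not plain mbox files, such as
# a Dovecot .imap index directory. Assumes GNU stat (-c '%a').
#
# Usage: audit_mail_spool /var/mail
# Prints one line per finding; the return status is the number of findings
# (0 means the spool is clean).
audit_mail_spool() {
    spool=$1
    findings=0
    # Plain names first, then dot-entries such as .imap (but not . or ..).
    for entry in "$spool"/* "$spool"/.[!.]*; do
        [ -e "$entry" ] || continue
        # Anything that is not a regular file does not belong in the spool
        # under the "only mboxes in /var/mail" argument.
        if [ ! -f "$entry" ]; then
            echo "non-mbox entry: $entry"
            findings=$((findings + 1))
            continue
        fi
        # Octal permission bits without leading zero, e.g. 600 or 660.
        mode=$(stat -c '%a' "$entry")
        case "$mode" in
            600) ;;  # owner read/write only: the strict setting favoured above
            *)
                echo "mode $mode (expected 600): $entry"
                findings=$((findings + 1))
                ;;
        esac
    done
    return "$findings"
}

# Constructed sample spool for a stand-alone run (not real system data).
demo_spool=$(mktemp -d)
umask 077
: > "$demo_spool/alice"                              # 0600: acceptable
: > "$demo_spool/bob" && chmod 660 "$demo_spool/bob" # group-writable: flagged
mkdir "$demo_spool/.imap"                            # index directory: flagged
count=0
audit_mail_spool "$demo_spool" || count=$?
echo "findings: $count"
rm -rf "$demo_spool"
```

Run against the real spool as root, since mode 0600 mailboxes are unreadable to anyone else; a non-zero return is meant for use from a cron job or monitoring check that alerts when the spool drifts from the strict layout.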