Dovecot as LDA from within exim -- config permissions.

[Andreas Metzler]

On 2008-04-27 Fabio Tranchitella <kobold at kobold.it> wrote:
> * 2008-04-27 09:03, Andreas Metzler wrote:
> > Hello,
> > is there a reason why dovecot.conf is not 0644 root:root like any other
> > configuration file? It does not contain passwords usually.

> I'm not sure (can't check right now)but I suppose the upstream build system
> installs the configuration that way; this doesn't mean that we can't change
> it, of course, but I don't see any reason to do so.

It *already* is shipped 0644 in sid:

(SID)root at argenau:/# ls /etc/dovecot/ -l
ls: cannot access /etc/dovecot/: No such file or directory
(SID)root at argenau:/# DEBIAN_FRONTEND=noninteractive apt-get --purge install dove
cot-imapd
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  dovecot-common libkeyutils1 libkrb53 libmysqlclient15off libpq5 mysql-common
[...]
Setting up dovecot-imapd (1:1.0.13-2) ...
(SID)root at argenau:/# ls /etc/dovecot/ -l
total 128
-rw-r--r-- 1 root root  4621 Apr  1 13:58 dovecot-ldap-example.conf
-rw-r--r-- 1 root root  4621 Apr  1 13:58 dovecot-ldap.conf
-rw-r--r-- 1 root root  4633 Apr  1 13:58 dovecot-sql-example.conf
-rw-r--r-- 1 root root  4633 Apr  1 13:58 dovecot-sql.conf
-rw-r--r-- 1 root root 45279 Apr 27 08:12 dovecot.conf
-rw-r--r-- 1 root root 45273 Apr  1 13:58 dovecot.conf.bak

It might not be  intenional, though. Quoting dovecot-common.postinst:
------------------------------
if [ "$1" = "configure" ]; then
  for conffile in dovecot.conf dovecot-ldap.conf dovecot-sql.conf ; do
[...]
    if [ "$conffile" != "dovecot.conf" ] && [ -f "$conffile" ]; then
      chmod 0600 /etc/dovecot/$conffile
    fi
  done
-----------------------------

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'