[Pkg-shadow-devel] Permissions of /var/mail/$USER
Nicolas François
nicolas.francois at centraliens.net
Sun Oct 11 12:49:22 UTC 2009
Hello,

On Sun, Oct 11, 2009 at 12:45:20PM +0200, Bjørn Mork wrote:
> Nicolas François <nicolas.francois at centraliens.net> writes:
>
> > When a user is created, useradd creates a /var/mail/$USER mailbox with
> > the mode 0660 (owned by $USER:mail).
> >
> > I heard this causes some issues for dovecot, and a solution could be to
> > move to mode 0600.
>
> Where did you hear this?

It was a request on IRC.

> Exactly what did you hear?

IIRC, it was a problem for the support of shared mailboxes.
Index files are created whose permissions mimic the mailbox's permissions.
The 'mail' group ownership would require dovecot to be in the mail group.
I assume that this could be solved internally by dovecot, but it would be
easier (and safer) to move to a 0600 policy.

> Is this documented in a bug report?
>
> Maybe some reference(s) to the bug report(s) would make it easier for
> the rest of us to understand the issues?
>
>
> > Here is an extract from the Debian policy:
> >
> > Mailboxes are generally either mode 600 and owned by <user> or mode
> > 660 and owned by `<user>:mail'[3]. The local system administrator may
> > choose a different permission scheme; packages should not make
> > assumptions about the permission and ownership of mailboxes unless
> > required (such as when creating a new mailbox).
>
> Anyway, doesn't this make any dovecot issue a policy violation? Or am I
> misunderstanding the "packages should not make assumptions about the
> permission and ownership of mailboxes" part?

It would be a violation of a "should".
This "should" is also followed by "unless required", which is vague enough
to include any technical reason dovecot may have.

Best Regards,
--
Nekral
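
An added example, not part of the original message and not code from shadow or dovecot: a shell function that classifies each mailbox in a spool directory against the two schemes named in the policy extract quoted above (mode 600 owned by the user, or mode 660 owned by user:mail). It assumes GNU stat from coreutils; the function name `audit_spool` and the verdict labels are hypothetical.

```shell
# Added example. Assumes GNU stat (coreutils); audit_spool and the verdict
# labels are hypothetical names, not part of any package.
# Usage: audit_spool /var/mail
# Output: one line per mailbox: <name> <mode> <owner>:<group> <verdict>

audit_spool() {
    spool=${1:-/var/mail}
    for box in "$spool"/*; do
        name=${box##*/}
        # A symlink in the spool is reported, never followed.
        if [ -L "$box" ]; then
            printf '%s - -:- symlink\n' "$name"
            continue
        fi
        # Skip directories, lock residue that is not a regular file, and
        # the unexpanded glob when the spool is empty.
        if [ ! -f "$box" ]; then
            continue
        fi
        # %a = octal mode, %U = owner name, %G = group name
        set -- $(stat -c '%a %U %G' "$box")
        mode=$1 owner=$2 group=$3
        if [ "$owner" != "$name" ]; then
            verdict=owner-mismatch      # mailbox not owned by the user it is named for
        elif [ "$mode" = 600 ]; then
            verdict=private             # 600, owned by <user>
        elif [ "$mode" = 660 ] && [ "$group" = mail ]; then
            verdict=group-mail          # 660, owned by <user>:mail (what useradd creates)
        elif [ "$mode" = 660 ]; then
            verdict=group-other         # 660, but the group is not 'mail'
        else
            verdict=nonstandard         # any other mode, including setuid/world bits
        fi
        printf '%s %s %s:%s %s\n' "$name" "$mode" "$owner" "$group" "$verdict"
    done
}
```

Lines with a verdict other than `private` or `group-mail` are the ones a local administrator would review against the site's chosen permission scheme.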