[Pkg-shadow-devel] Permissions of /var/mail/$USER

Timo Sirainen tss at iki.fi
Sun Oct 11 22:26:33 UTC 2009


On Oct 11, 2009, at 8:49 AM, Nicolas François wrote:

>>> When a user is created, useradd creates a /var/mail/$USER mailbox
>>> with the mode 0660 (owned by $USER:mail).
>>>
>>> I heard this causes some issues for dovecot, and a solution could
>>> be to move to mode 0600.
> IIRC, it was a problem for the support of shared mailboxes.
> Index files are created whose permissions mimic the mailbox'
> permissions.
> The 'mail' group ownership would require dovecot to be in the mail
> group.
>
> I assume that this could be solved internally by dovecot, but it
> would be easier (and safer) to move to a 0600 policy.

Correct. There's no reason for mailboxes to be 0660 in most systems,
they'll only make it easier to exploit some security hole to read
everyone's mail. So although Dovecot could work around this issue,
I've always just instructed people to do chmod 0600 /var/mail/* as a
way to solve it.
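
Added example, not part of the original message and not code from Dovecot or shadow: a shell check that lists spool files looser than 0600 before applying the chmod mentioned above. It assumes GNU find; the temporary spool and the users alice and bob are constructed for the demonstration.

```shell
#!/bin/sh
# Audit a mail spool for mbox files that grant any group/other access,
# then tighten them to 0600. Assumes GNU find (-maxdepth, -perm /MODE).

# Print every regular file directly under spool directory $1 that has
# any group or other permission bit set (i.e. is looser than 0600).
# -type f does not match symlinks, so links in the spool are not listed.
loose_mailboxes() {
    find "$1" -maxdepth 1 -type f -perm /077 | sort
}

# Set each file reported by loose_mailboxes to 0600 and print its path.
tighten_mailboxes() {
    loose_mailboxes "$1" | while IFS= read -r box; do
        chmod 0600 -- "$box" && printf 'fixed %s\n' "$box"
    done
}

# Constructed demo spool: alice has the 0660 mode described in the
# thread, bob already has 0600.
spool=$(mktemp -d)
: > "$spool/alice"
: > "$spool/bob"
chmod 0660 "$spool/alice"
chmod 0600 "$spool/bob"

echo "looser than 0600:"
loose_mailboxes "$spool"
tighten_mailboxes "$spool"
rm -rf "$spool"
```

On a real system the argument would be /var/mail; running loose_mailboxes first shows which mailboxes the chmod would change.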

