On Sunday 11 October 2009 23:49:22 Nicolas François wrote:
> IIRC, it was a problem for the support of shared mailboxes.
> Index files are created whose permissions mimic the mailbox' permissions.
> The 'mail' group ownership would require dovecot to be in the mail group.

Why? For Dovecot to access files mode 0600 owned by various users it must run as root (at least initially), in that case it can access all files. The only reason why mode 0660 would be a problem is if Dovecot changes to the GID and UID of the user before such access and can't be configured to use the GID of mail instead. This seems to be a bug (or at least a missing feature) in Dovecot.

I'm all in favor of making access control more strict, so I support mode 0600 mail files. But what you are saying about Dovecot is not a valid reason IMHO.

Also as an aside I think it's a bad idea for a program like Dovecot to create index files in /var/mail. I believe it should be in /var/lib/dovecot or similar. /var/mail is used by many programs and I believe that it should not have any files other than the mboxes.
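
The two policies argued for in the message above (mbox files at mode 0600, and nothing but mboxes in the spool directory) can be checked mechanically. The following Python script is an added example, not part of the original message and not Dovecot code; the sample spool and its file names, including `alice.index`, are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_spool(spool_dir):
    """Return sorted (name, problem) findings for a mail spool directory."""
    findings = []
    for entry in os.scandir(spool_dir):
        st = entry.stat(follow_symlinks=False)  # lstat: symlinks are flagged, not followed
        if not stat.S_ISREG(st.st_mode):
            findings.append((entry.name, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != 0o600:
            findings.append((entry.name, "mode %04o, expected 0600" % mode))
        try:
            with open(entry.path, "rb") as fh:
                head = fh.read(5)
        except OSError:
            findings.append((entry.name, "unreadable by auditor"))
            continue
        # An mbox is either empty or begins with a "From " separator line.
        if head and head != b"From ":
            findings.append((entry.name, "not an mbox"))
    return sorted(findings)


def build_sample_spool(root):
    """Constructed sample: one clean mbox, one group-writable mbox, one stray index."""
    samples = {
        "alice": (0o600, b"From bob@example.org Sun Oct 11 23:49:22 2009\n\nhi\n"),
        "bob": (0o660, b"From alice@example.org Sun Oct 11 23:50:00 2009\n\nyo\n"),
        "alice.index": (0o600, b"\x01\x02constructed binary index data"),
    }
    for name, (mode, data) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)  # explicit chmod so the umask does not matter


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as spool:
        build_sample_spool(spool)
        for name, problem in audit_spool(spool):
            print("%s: %s" % (name, problem))
```

Run against a real spool, the auditor needs read access to every mailbox, so it would have to run as root or report the files as unreadable.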