Russell Coker <russell <at> coker.com.au> writes:
>
> On Sunday 11 October 2009 23:49:22 Nicolas François wrote:
> > IIRC, it was a problem for the support of shared mailboxes.
> > Index files are created whose permissions mimic the mailbox' permissions.
> > The 'mail' group ownership would require dovecot to be in the mail group.
>
> Why?
>
> For Dovecot to access files mode 0600 owned by various users it must run as
> root (at least initially), in that case it can access all files.
>
> The only reason why mode 0660 would be a problem is if Dovecot changes to the
> GID and UID of the user before such access and can't be configured to use the
> GID of mail instead. This seems to be a bug (or at least a missing feature)
> in Dovecot.
>
> I'm all in favor of making access control more strict, so I support mode 0600
> mail files.
>
> But what you are saying about Dovecot is not a valid reason IMHO.
>
> Also as an aside I think it's a bad idea for a program like Dovecot to create
> index files in /var/mail. I believe it should be in /var/lib/dovecot or
> similar. /var/mail is used by many programs and I believe that it should not
> have any files other than the mboxes.

If you are using mboxes, the index files will be in /var/mail/.imap/ by
default. For maildirs, ~/Maildir/.imap.

I think these are reasonable defaults for the package but if it is needed
you can change the location via the mail_location setting in
/etc/dovecot/dovecot.conf (see
/usr/share/doc/dovecotcommon/wiki/MailLocation.txt.gz for details.)
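
An added example, not part of the original messages or of Dovecot: a shell function that audits a spool directory for the two points raised in this thread, mbox files whose mode is not exactly 0600 and entries such as .imap that are not mbox files. The name audit_spool and the MODE/EXTRA output labels are hypothetical; GNU find and stat, as shipped on Debian, are assumed.

```shell
#!/bin/sh
# audit_spool DIR  (hypothetical helper, added for illustration)
# Prints one finding per line, sorted:
#   MODE <octal> <path>   regular file in DIR whose mode is not exactly 0600
#                         (0660 group-accessible mboxes show up here)
#   EXTRA <path>          entry in DIR that is not a regular file, for
#                         example a .imap index directory next to the mboxes
# Returns 2 if DIR is not a directory.
audit_spool() {
    spool=$1
    if [ ! -d "$spool" ]; then
        echo "audit_spool: not a directory: $spool" >&2
        return 2
    fi
    {
        # Only look at direct children: mboxes live at the top level of the
        # spool. "! -perm 0600" is an exact-mode test, so any group or other
        # bit (or a missing owner bit) is reported.
        find "$spool" -mindepth 1 -maxdepth 1 -type f ! -perm 0600 \
            -exec stat -c 'MODE %a %n' {} +

        # Directories, symlinks, sockets and so on do not belong beside the
        # mboxes if the spool is meant to hold nothing else.
        find "$spool" -mindepth 1 -maxdepth 1 ! -type f \
            -exec printf 'EXTRA %s\n' {} +
    } | LC_ALL=C sort
}

# Stand-alone use: sh audit_spool.sh /var/mail
if [ "$#" -gt 0 ]; then
    audit_spool "$1"
fi
```

Run it as a user that can list the spool; an empty result means every top-level file is mode 0600 and nothing else lives there.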