On Wed, 2009-06-17 at 16:38 +0200, Steffen Kaiser wrote:
> I've copied the default mail_location and changed its CONTROL and INDEX
> settings:
>
> namespace shared {
> ...

What does this "..." contain? :) Like prefix, separator?

> a) IMAP insists to connect to $install_prefix/var/run/dovecot/auth-master
> instead of /var/run/dovecot/auth-master used by deliver.

It connects to base_dir/var/run/dovecot/ where base_dir is the setting in dovecot.conf.

> b) This socket needs to be r/w for every user, which is a security risk as
> mentioned in the conf and the default permission is 0600.

It allows looking up userdb data, which is pretty similar to being able to do cat /etc/passwd. So not a huge security risk, but..

> For deliver I changed the socket attr to permission 0660 and group=mail;
> for making %%h work I added mail_access_groups=mail

I would have used a different group than "mail", since it's often used by the system for other things too.

> There had been a suggestion of a special user-shared namespace a while
> back. How about to add the base location in the shared-mailboxes.db? So
> instead of "1" the value is the base of the shared location, e.g.
> maildir:/local/testuser or maildir:/home/user/Maildir..., and some %%?
> token takes the string from there. Because the path is known from the db
> now, the other problems mentioned above do no longer apply.

And when the path is changed in userdb, it points to a wrong location.
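
An added example, not part of the original message and not Dovecot code: a Python check for the two socket-permission points raised in this thread, namely who can connect to the auth-master socket and whether access is granted through a shared group such as "mail". The function names and the SHARED_GROUPS set are assumptions, and the socket it audits is constructed in a temporary directory.

```python
import grp
import os
import socket
import stat
import tempfile

# Assumption: groups this host already uses for unrelated purposes.
SHARED_GROUPS = {"mail"}

def classify(mode, group_name):
    """Findings for a socket with these st_mode bits and owning group name."""
    if not stat.S_ISSOCK(mode):
        return ["not a UNIX socket"]
    findings = []
    # On Linux, connecting to a UNIX socket requires write permission on it.
    if mode & stat.S_IWOTH:
        findings.append("world-writable: every local user can query userdb")
    if mode & stat.S_IWGRP and group_name in SHARED_GROUPS:
        findings.append(f"group '{group_name}' is shared; use a dedicated group")
    return findings

def audit_socket(path):
    """Stat a socket path and classify its permissions."""
    st = os.stat(path)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:  # gid without a group database entry
        group = str(st.st_gid)
    return classify(st.st_mode, group)

def demo():
    """Audit a constructed socket (not a real Dovecot one) under three modes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "auth-master")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            for perms in (0o600, 0o660, 0o666):
                os.chmod(path, perms)
                results[perms] = audit_socket(path)
    return results

if __name__ == "__main__":
    for perms, findings in demo().items():
        print(f"{perms:04o}: {findings or 'ok'}")
```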