On Fri, 2010-02-05 at 11:20 -0600, Chris Adams wrote: > If a user doesn't have a ~/mail directory and logs in, the directory is > created for them. However, it is created with insecure permissions, > 0770 (full group access). > > The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c: > > #define CREATE_MODE 0770 /* umask() should limit it more */
Fixed: http://hg.dovecot.org/dovecot-1.2/rev/99caf87fb3ce Also v2.0 handles this by copying the parent directory's permissions.
signature.asc
Description: This is a digitally signed message part
