Joseph Tam <jtam.h...@gmail.com> writes:

> Michael Welsh Duggan writes:
>
>> All the files in my Maildir are owned by md5i:mail (I am md5i), and have
>> 660 permissions. All directories have the same user:group permissions,
>> and 770 with the setgid bit set. (That last may not be necessary, but
>> ...
>>
>> doveadm(md5i): Error:
>> fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock,
>> group=8(mail)) failed: Operation not permitted (egid=1000(md5i),
>> group based on /home/md5i/Maildir/.mail.test - see
>> http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
>>
>> After this, each directory has a dovecot.index.log with md5i:md5i 600
>> permissions.
>
> I think the cause is clear enough: you (user=md5i/uid=1000) are not
> part of group mail (gid=8), so the dovecot user process doing things on
> your behalf cannot create index files that are analogous to the mailbox
> it's indexing.
>
> You can either
>
> 1) add "md5i" to group mail
> 2) remove g+w permission on your mail files (making group
>    membership irrelevant)
> 3) fiddle with "mail_privileged_group = mail", but I'm a little
>    hazy on all the ramifications of this.
>
> I don't know your particular circumstances, so I don't know which
> is best. If (big if) nothing on your system (particularly the MTA)
> requires access to your mail spool files by running as group=mail,
> probably 2) is your best option.
Thank you. 2) did the trick, and I think I understand how this works now.

-- 
Michael Welsh Duggan (m...@md5i.com)
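The condition diagnosed in this thread can be checked before Dovecot trips over it. The script below is an added example, not part of the original messages and not Dovecot's own logic: it walks a Maildir tree and reports directories that are group-writable but owned by a group the running user does not belong to. The names `group_mismatch`, `audit_maildir` and `demo` are hypothetical, and the sample tree is constructed.

```python
import os
import stat
import tempfile


def group_mismatch(mode, gid, process_gids):
    """True when a directory is g+w but its group is not one of ours.

    Simplified rule taken from the advice in the thread (assumption):
    a non-member cannot chgrp new files to the directory's group.
    """
    return bool(mode & stat.S_IWGRP) and gid not in process_gids


def audit_maildir(root, process_gids=None):
    """Return (relative path, gid, mode string) for each mismatching directory."""
    if process_gids is None:
        process_gids = set(os.getgroups()) | {os.getegid()}
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        st = os.stat(dirpath)
        if group_mismatch(st.st_mode, st.st_gid, process_gids):
            findings.append((os.path.relpath(dirpath, root), st.st_gid,
                             stat.filemode(st.st_mode)))
    return sorted(findings)


def demo():
    """Build a constructed Maildir and audit it as a non-member and a member."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, ".mail.test")      # 770, like the report
        private = os.path.join(root, ".mail.private")  # 700, after option 2
        os.mkdir(shared)
        os.mkdir(private)
        os.chmod(root, 0o700)
        os.chmod(shared, 0o770)
        os.chmod(private, 0o700)
        gid = os.stat(shared).st_gid
        # Simulate "not in the directory's group" with a gid set that lacks it.
        as_non_member = audit_maildir(root, process_gids={gid + 1})
        as_member = audit_maildir(root, process_gids={gid})
        return as_non_member, as_member


if __name__ == "__main__":
    for path, gid, mode in audit_maildir(os.path.expanduser("~/Maildir")):
        print(f"{mode} gid={gid} {path}: group-writable, but you are not in this group")
```

Each reported directory can be resolved with option 1 (join the group) or option 2 (drop g+w) from the reply above.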