> On 30 Jun 2022, at 15:40, Wietse Venema <wie...@porcupine.org> wrote: > > Felix Ingram: >> Hello all, >> >> Is it possible to set group read permissions on delivered mail? I'm using >> virtual to deliver mail to a local maildir and have set a static uid and >> gid. I would then like a separate process to read the mail but this runs as >> a different uid/user. I have added the user to a the same group that I've >> set as the GID but new mails are being saved without any group permissions. >> I've looked for a umask or similar setting but can't find anything. > > Postfix creates mailbox and maildir files with mode 0600. This > approach has not been exploitable for 25 years, and I'm not inclined > to change that. > > Making the permissions confgurable requires extrememly careful > analysis. > > - Calling chmod() is absolutely unsafe. > > - Calling fchmod() may be unsafe when a file already exists. > > - Temporarily changing the process umask from 077 to 007 is tricky > because the mask must be restored under all conditions. > > Having a program running as root scanning mailboxes is not secure, > either. > > Have you considered the possibility of using recipient_bcc_maps and > the pipe(8) delivery agent to feed messages into your program?
This idea made me realise that I’ve effectively added a third user into the mix that’s no longer needed. I was using Dovecot to store and address the mails but have since removed it. The only thing that accesses the mails now is my frontend so I may as well have that running as the same user that postfix is writing the mails as. Thanks for the help - I shall keep the bcc+pipe trick in my back pocket for a later date. Felix
