[Dovecot] moving mail from private inbox to public folder kills the latter

Jerrale G jerrale at sheltoncomputers.com
Wed Aug 11 21:54:59 EEST 2010


  On 8/11/2010 2:51 PM, Jerrale G wrote:
>  On 8/11/2010 2:45 PM, Tamas Kadar wrote:
>> On 8/11/2010 7:32 PM, Jerrale G wrote:
>>> On 8/11/2010 12:54 PM, Tamas Kadar wrote:
>>>> On 8/11/2010 6:52 PM, Jerrale G wrote:
>>>>> On 8/11/2010 12:49 PM, Tamas Kadar wrote:
>>>>>> On 8/11/2010 6:45 PM, Jerrale G wrote:
>>>>>>> On 8/11/2010 12:02 PM, Tamas Kadar wrote:
>>>>>>>> Also, it's weird that the mail we have since we migrated to
>>>>>>>> dovecot is
>>>>>>>> either 700 or 755, most users' mailboxes are 777, so it 
>>>>>>>> shouldn't be
>>>>>>>> 700...
>>>>>>>>
>>>>>>>> (Yeah, I know, not very secure, however no user has shell access,
>>>>>>>> only
>>>>>>>> by mail)
>>>>>>>>
>>>>>>>> Best regards
>>>>>>>> Tamas
>>>>>>>>
>>>>>>>> On 8/11/2010 5:52 PM, Tamas Kadar wrote:
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> I've run into something rather nasty: if a user moves a mail from
>>>>>>>>> its
>>>>>>>>> inbox to a public folder, the folder becomes inaccessible for
>>>>>>>>> others,
>>>>>>>>> because the moved file will have the permission 600 instead
>>>>>>>>> of 777
>>>>>>>>> (or 666) which the rest of the emails have in the folder.
>>>>>>>>>
>>>>>>>>> How can I change this behavior so when he moves the mail it
>>>>>>>>> automatically becomes world-readable? Also, why does one mail kill
>>>>>>>>> the whole folder?
>>>>>>>>>
>>>>>>>>> Here's the error I get:
>>>>>>>>> Error: open(/home/_shared/projects/.Long.Folder/cur/1281535484.M3B5A7P15183Q0.mail_espell_com:2,Sb) failed: Permission denied (euid=1000(ktamas) egid=1000(ktamas) missing +r perm: /home/_shared/projects/.Long.Folder/cur/1281535484.M3B5A7P15183Q0.mail_espell_com:2,Sb, euid is not dir owner)
>>>>>>>>>
>>>>>>>>> Thanks and best regards
>>>>>>>>> Tamas
>>>>>>>>
>>>>>>> make sure you have the namespaces specified for the public 
>>>>>>> folders so
>>>>>>> that the correct permissions will be set.
>>>>>>>
>>>>>>> http://wiki.dovecot.org/Namespaces
>>>>>>>
>>>>>>> J. G.
>>>>>>>
>>>>>>
>>>>>> I think I set it right, here are my namespaces:
>>>>>>
>>>>>> # User's mailbox
>>>>>> namespace {
>>>>>> inbox = yes
>>>>>> location =
>>>>>> prefix =
>>>>>> separator = .
>>>>>> type = private
>>>>>> }
>>>>>>
>>>>>> # The public namespace
>>>>>> namespace {
>>>>>> location = maildir:/home/_shared/projects:INDEX=~/Maildir/_shared
>>>>>> prefix = shared.
>>>>>> separator = .
>>>>>> subscriptions = no
>>>>>> type = public
>>>>>> }
>>>>> That is fine as long as you don't have a mysql query, berkeley, or
>>>>> passwd file looking up the user's homedir, password, and such as 
>>>>> well.
>>>>> If you do, take out the namespace for private as this will be defined
>>>>> another way.
>>>>>
>>>>> J. G.
>>>>
>>>> Users are authenticated through PAM. No SQL or BerkeleyDB involved. Do
>>>> you mean that I should disable the private namespace and only define
>>>> the public?
>>>>
>>>> Tamas
>>> Yes, because you have it authenticated and defined by PAM or 
>>> mail_location=
>>>
>>> J. G.
>>
>> I've just tried that, if I disable the first (private) namespace, 
>> things break:
>>
>> Error: user ktamas: Initialization failed: namespace configuration 
>> error: inbox=yes namespace missing
>>
>> Tamas
>
> Create an account on PAM that everyone can read and write to, having 
> the group as a supplemental; set this account as the public namespace, 
> including the inbox.
>
>
Make sure you chmod -R 770 /path/to/public and this will keep any 
anonymous from writing to it.
-- 




Jerrale G.
SC Senior Admin
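
An added example, not part of the original thread and not Dovecot's own tooling: a read-only audit of a shared Maildir tree for the permission states discussed above (a message left at 600, directories the group cannot enter, and world-writable 777/666 entries, measured against the suggested 770). The function names and the path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Read-only audit of a shared Maildir tree (added example; names are hypothetical).
# It reports the states discussed in the thread and changes nothing.

# Message files the shared group cannot read, e.g. a mail left at mode 600.
files_without_group_read() {
    find "$1" -type f ! -perm -040 -print | sort | sed 's/^/NO_GROUP_READ /'
}

# Directories the group cannot list and enter (needs r-x, as in 770).
dirs_without_group_access() {
    find "$1" -type d ! -perm -050 -print | sort | sed 's/^/NO_GROUP_DIR /'
}

# Anything writable by "other", i.e. the 777/666 modes mentioned above.
world_writable_entries() {
    find "$1" \( -type f -o -type d \) -perm -002 -print | sort | sed 's/^/WORLD_WRITABLE /'
}

# Prints one finding per line; returns 0 if clean, 1 if findings, 2 on bad input.
audit_shared_maildir() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    findings=$(
        files_without_group_read "$root"
        dirs_without_group_access "$root"
        world_writable_entries "$root"
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_shared_maildir "$1"
fi
```

Run it as a user who can traverse the whole tree, otherwise `find` cannot descend into the directories it is meant to report on.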

