dovecot - Nov 2009 - Ownership and permissions for the index directory/filesystem

I recently upgraded from DC 1.1.15 to 1.2.6.  The /var/dcindx index root 
directory is:

drwxrwsrwt 3962 root     sys          192512 Nov 13 11:56 ./

thus 3777. 

It appears that the user index directories created under DC1.1 look like 
this (here for /var/dcindx/cep):

drwx--S---    5 cep      sys             256 Nov 13 14:26 cep/

while those created under V1.2 look like:

drwx------    3 lrenart  sys             256 Nov 12 14:59 lrenart/

It seems that the first time that DC goes to do indexing, I now see this 
error msg:

Nov 12 11:45:15 mercury mail:err|error dovecot: IMAP(bpyi):
open(/var/spool/mail/bpyi) failed: Permission denied (euid=2586(bpyi)
egid=2000(bard2) missing +w perm: /var/spool/mail)

...but never again...

Questions:
1) Are the ownership and permissions on the /var/dcindx index root 
directory ideal or should they be something else?
2) Ideally what should the ownership and permissions be for individual 
user subdirs?  I create the user mail directories when creating a new 
account, so it would be little extra trouble to create and set the 
ownership and permissions.

I am currently using mbox mailbox format but will be migrating to 
maildir over the next some months.
Dovecot -n
> # 1.2.6: /usr/local/etc/dovecot.conf
> # OS: AIX 3 0001378F4C00  
> listen: *:143
> ssl_listen: *:993
> disable_plaintext_auth: no
> verbose_ssl: yes
> login_dir: /var/run/dovecot/login
> login_executable: /usr/local/libexec/dovecot/imap-login
> login_processes_count: 12
> login_max_processes_count: 774
> max_mail_processes: 1280
> mail_max_userip_connections: 12
> verbose_proctitle: yes
> first_valid_uid: 200
> mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u:INDEX=/var/dcindx/%u
> mbox_write_locks: fcntl
> mbox_dirty_syncs: no
> lda:
>   postmaster_address: postmaster at example.com
> auth default:
>   passdb:
>     driver: pam
>   userdb:
>     driver: passwd





-- 
==== Once upon a time, the Internet was a friendly, 
neighbors-helping-neighbors small town, and no one locked their doors. 
Now it's like an apartment in Bed-Stuy: you need three heavy duty 
pick-proof locks, one of those braces that goes from the lock to the 
floor, and bars on the windows.... ==== Stewart Dean, Unix System Admin, 
Bard College, New York 12504 sdean at bard.edu voice: 845-758-7475, fax: 
845-758-7035

On Fri, 2009-11-13 at 15:27 -0500, Stewart Dean wrote:
> Nov 12 11:45:15 mercury mail:err|error dovecot: IMAP(bpyi):
open(/var/spool/mail/bpyi) failed: Permission denied (euid=2586(bpyi)
egid=2000(bard2) missing +w perm: /var/spool/mail)
It's trying to create bpyi user's INBOX that doesn't exist yet, but
fails because it doesn't have write access to /var/spool/mail/
directory. Probably gets fixed by the time the user gets the first mail
and your MTA creates the file.
> Questions:
> 1) Are the ownership and permissions on the /var/dcindx index root 
> directory ideal or should they be something else?
They're fine.
> 2) Ideally what should the ownership and permissions be for individual 
> user subdirs?  I create the user mail directories when creating a new 
> account, so it would be little extra trouble to create and set the 
> ownership and permissions.
0700, owned by the user.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20091113/617dd605/attachment-0002.bin>