If a user doesn't have a ~/mail directory and logs in, the directory is
created for them.  However, it is created with insecure permissions,
0770 (full group access).

The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:

#define CREATE_MODE 0770 /* umask() should limit it more */

The code then uses CREATE_MODE as an argument to mkdir_parents(), but
mkdir_parents() overrides the umask setting and forces the requested
permissions.  There's no way to override this except to change the
source code.

It looks like the same thing is in dbox-storage.c and cydir-storage.c.

This is with Dovecot 1.2.10.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

On Fri, 2010-02-05 at 11:20 -0600, Chris Adams wrote:
> If a user doesn't have a ~/mail directory and logs in, the directory is
> created for them.  However, it is created with insecure permissions,
> 0770 (full group access).
>
> The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:
>
> #define CREATE_MODE 0770 /* umask() should limit it more */

Fixed: http://hg.dovecot.org/dovecot-1.2/rev/99caf87fb3ce

Also v2.0 handles this by copying the parent directory's permissions.

Once upon a time, Timo Sirainen <tss at iki.fi> said:
> On Fri, 2010-02-05 at 11:20 -0600, Chris Adams wrote:
> > If a user doesn't have a ~/mail directory and logs in, the directory is
> > created for them.  However, it is created with insecure permissions,
> > 0770 (full group access).
> >
> > The problem is this bit in src/lib-storage/index/mbox/mbox-storage.c:
> >
> > #define CREATE_MODE 0770 /* umask() should limit it more */
>
> Fixed: http://hg.dovecot.org/dovecot-1.2/rev/99caf87fb3ce
>
> Also v2.0 handles this by copying the parent directory's permissions.

I'm not sure that copying the parent directory's permissions is the
correct thing in all cases.  Children of the home directory (e.g.
~/mail, ~/sieve) may need to be handled as a special case.

For example, I have a server that handles mail, web, and shell accounts
for a number of users.  Since it handles web for the users, they have
~/public_html, and their home directory has to have at least
world-execute for ~/public_html to be visible.  However, that doesn't
mean that ~/mail should also have world-execute.

I can create ~/mail and ~/sieve with 0700 perms, but some users (which
do dumb things all the time) will at some point delete one or both of
those directories.  Then the next time Dovecot needs one, it would copy
home directory perms, which are at a minimum 0701.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.