Yves Goergen wrote:> The issue still exists. Can anybody explain to me why dovecot creates > IMAP folders with the wrong filesystem permissions?On a lark, I looked through my dirs @ permissions. Shorted lines a bit so they'd fit w/o extra lines between them using: (get rid of text before permissions, and shorten user/group to a few letter) find . -type d -ls|sed -r 's/^\s*\S+\s+\S+\s+// ; s/linda(group)?/usr/g' Made it wasy to look down the 1st column and find where things were different. FWIW, using mbox format. My base permissions were : drwxrwxr-x most were: : drwxrwsr-x I noticed that subdirs I created *by hand* (to later move folders into), often had different permissions : drwxrwsr-- The first auto-dir created by dovecot (.imap under top dir) had some perms drawn from the base : drwxrwxr-- First auto-subdir created (INBOX) had : drwxrwxr-x BUT...had a different group -- one that I used ages ago before making sure that the username based group took priority. (I make each user's primary group one based on their username). Another imap created subdir (.imap/Junk) : drwxrwx--- took it's perms from the base file. Most of my mbox files have : -rw-rw-r-- but Junk was : -rw-rw---- (thus no 'r' bit on .imap/Junk) In all the cases, the folders that were different derived from manually created mboxes, *OR* a few auto-created MBOXES (like INBOX ... and likely 'Trash' -- but before using dovecot, I already had a 'Trash' mbox, so it just used it w/the same perms. In your case, the permissions likely derive from the umask that dovecot was(is?) running with when it created the 'builtin' files (like Trash, Inbox, etc..) Does that fit your case?
To be honest, I can't follow you. I see that I have inconsistent permissions (but all the same owner and group). I did use a different mail server software in the past, but that's long ago and I can't even remember when I switched to Dovecot. I think it was Courier-IMAP before. Maildirs for new mailboxes are still created by one of my own scripts so maybe that script creates the maildirs with some wrong permissions. I'll first have to look up what all those funny letters actually mean. They're too rare to remember. -Yves ________________________________________ Von: Linda A. Walsh Gesendet: Mo, 2018-05-21 20:20 +0200 Yves Goergen wrote:> The issue still exists. Can anybody explain to me why dovecot creates > IMAP folders with the wrong filesystem permissions?On a lark, I looked through my dirs @ permissions. Shorted lines a bit so they'd fit w/o extra lines between them using: (get rid of text before permissions, and shorten user/group to a few letter) find . -type d -ls|sed -r 's/^\s*\S+\s+\S+\s+// ; s/linda(group)?/usr/g' Made it wasy to look down the 1st column and find where things were different. FWIW, using mbox format. My base permissions were : drwxrwxr-x most were: : drwxrwsr-x I noticed that subdirs I created *by hand* (to later move folders into), often had different permissions : drwxrwsr-- The first auto-dir created by dovecot (.imap under top dir) had some perms drawn from the base : drwxrwxr-- First auto-subdir created (INBOX) had : drwxrwxr-x BUT...had a different group -- one that I used ages ago before making sure that the username based group took priority. (I make each user's primary group one based on their username). Another imap created subdir (.imap/Junk) : drwxrwx--- took it's perms from the base file. Most of my mbox files have : -rw-rw-r-- but Junk was : -rw-rw---- (thus no 'r' bit on .imap/Junk) In all the cases, the folders that were different derived from manually created mboxes, *OR* a few auto-created MBOXES (like INBOX ... and likely 'Trash' -- but before using dovecot, I already had a 'Trash' mbox, so it just used it w/the same perms. In your case, the permissions likely derive from the umask that dovecot was(is?) running with when it created the 'builtin' files (like Trash, Inbox, etc..) Does that fit your case?
Yves Goergen wrote:> To be honest, I can't follow you. I see that I have inconsistent > permissions (but all the same owner and group). I did use a different > mail server software in the past, but that's long ago and I can't even > remember when I switched to Dovecot. I think it was Courier-IMAP before. > > Maildirs for new mailboxes are still created by one of my own scripts so > maybe that script creates the maildirs with some wrong permissions. I'll > first have to look up what all those funny letters actually mean. > They're too rare to remember.--- hopefully quick explanation of letters +-d=directory | usr(me) (r=read,w=write,x=cross(ing)...allows seeing things below this directory but 'r' controls seeing things *in* this directory) | ||| group | ||| ||| everyone else My base permissions were : d rwx rwx r-x most were: : d rwx rws r-x The 's' on the group-triplet means set-group on files+dirs below this The exact permissions aren't so important other than to know that 1) when it creates an internal directory (like .imap/whatever), those it followed the permissions on my original mbox. 2) when it creats an internal mbox (like INBOX, Trash, Sent...etc) it may use whatever it's own umask allows. Umasks are often set to system defaults like 022 or 002 on 'friendly systems -- they *remove* a bit from a permission set on a file. Those perms are in octal (0-7), with octal you need 3 bits 0111 = 1*4 + 1*2 + 1*1 -- the high bit (multiplied by highest amount, in this case 4, corresponds to the read permission, the 2 corresponds to write permission and the 1 corresponds to execute on files files, or cross-through for directories. So a umask of 022 would filter out the 2nd bit in each permission mask (i.e. the write bit for groups (the middle number) and the write bit for 'other' (the 3rd group) Since I allow groups to write, I have 002 so people in the same group can write. Windows will use something like 077 on your home directory -- only the user has any access, by default. the 7's mask out access for any created files. If the process that runs dovecot runs with a umask different from you, by default it might create differently permissioned files. If you create a directory manually, that also might be different from what you normally see. In your case 'Trash' had different permissions -- a directory or file that would have been created by dovecot. so it may be running with different default permissions (settable via the usmask), than you. Hope that helps some rather than confuses more...was a quick summary of stuff.> > >
On Mon May 21 2018 14:20:51 GMT-0400 (Eastern Standard Time), Linda A. Walsh <dovecot at tlinx.org> wrote:> Yves Goergen wrote: >> The issue still exists. Can anybody explain to me why dovecot creates >> IMAP folders with the wrong filesystem permissions? > On a lark, I looked through my dirs @ permissions. Shorted lines a bit > so they'd fit w/o extra lines between them using: > (get rid of text before permissions, and shorten user/group to a few letter) > find . -type d -ls|sed -r 's/^\s*\S+\s+\S+\s+// ; s/linda(group)?/usr/g'I repeat something from a similar thread from last year... It would be nice if Dovecot had something like Postfix's set-permissions command to automatically fix permissions issues. Dovecot may be a little more complicated and have more possible ways things could be configured, but the possibilities are finite (aren't they?) so this could be handled by defining the different possibilities and having a conf option you can set to tell dovecot what scheme you are using (or if possible, some way to auto-detect it and fall back to spitting out an error asking you to define it manually if it can't).