On Sun, 2009-12-13 at 14:37 -0800, Tudod Ki wrote:
> If I:
> chmod 777 /var/lib/dovecot /var/lib/dovecot/control /var/lib/dovecot/index
> could that make a security hole?

It's definitely a bad idea anyway. First of all, you shouldn't really
use /var/lib/dovecot/ for users' mail data (or the index/control files).
It's mainly meant for Dovecot's internal state. Use for
example /var/lib/mails/ or something like that.

Then I guess you're making them 0777 because you're using multiple UIDs
and you want Dovecot to be able to create the directories? A bit safer
way to do that would be to set them 01777, i.e. have the +t bit enabled,
the same way the /tmp directory has it.

Maybe even better would be if you made them 01770 and as a group use
something like "dovemail" and set mail_access_groups=dovemail. Then only
Dovecot processes would be able to access those directories. If you're
using deliver this might get more difficult though.

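The three permission layouts discussed in the reply above (0777, 01777 with the sticky bit, and 01770 owned by a dedicated group) as an added shell example; this is not code from the thread or from Dovecot. It assumes the group name "dovemail" from the reply and that mail_access_groups=dovemail is set in dovecot.conf so Dovecot's mail processes belong to that group. The mode string is read from ls -ld rather than stat so the same script runs on GNU and BSD userlands.

```shell
#!/bin/sh
# Added example, not part of the original mailing-list thread.
# Assumptions: the mail root lives outside /var/lib/dovecot, the shared group
# is called "dovemail", and dovecot.conf contains mail_access_groups=dovemail.

# First field of ls -ld, e.g. "drwxrwxrwt" (a trailing '+' or '.' does not matter).
perm_string() {
    ls -ld "$1" | awk '{print $1}'
}

# Group owner of a path, as ls prints it.
dir_group() {
    ls -ld "$1" | awk '{print $4}'
}

# classify_dir DIR GROUP prints one of:
#   world-writable        -> the 0777 case: any UID can create, rename and
#                            delete any other user's index/control files
#   sticky-world-writable -> 01777 like /tmp: any UID can create, but only the
#                            owner (or root) can delete or rename an entry
#   group-restricted      -> 01770 owned by GROUP: only members of GROUP, i.e.
#                            Dovecot via mail_access_groups, can write at all
#   other                 -> none of the above, inspect by hand
classify_dir() {
    dir=$1
    group=$2
    p=$(perm_string "$dir")
    g=$(dir_group "$dir")
    # positions in the ls mode string: 1=type, 2-4 user, 5-7 group, 8-10 other
    gw=$(printf '%s' "$p" | cut -c6)
    ow=$(printf '%s' "$p" | cut -c9)
    ox=$(printf '%s' "$p" | cut -c10)
    if [ "$ow" = "w" ]; then
        case "$ox" in
            t|T) echo sticky-world-writable ;;
            *)   echo world-writable ;;
        esac
    elif [ "$gw" = "w" ] && [ "$g" = "$group" ]; then
        echo group-restricted
    else
        echo other
    fi
}

# setup_mail_root ROOT GROUP creates ROOT plus the index and control
# subdirectories with the 01770 layout from the reply. chgrp only succeeds
# when the caller is root or a member of GROUP.
setup_mail_root() {
    root=$1
    group=$2
    mkdir -p "$root" "$root/index" "$root/control" || return 1
    for d in "$root" "$root/index" "$root/control"; do
        chgrp "$group" "$d" || return 1
        chmod 01770 "$d" || return 1
    done
}

# Typical use on a real server (run as root), with the names assumed above:
#   setup_mail_root /var/lib/mails dovemail
#   classify_dir /var/lib/mails dovemail        # prints group-restricted
#   classify_dir /var/lib/dovecot dovemail      # whatever is there today
```

With multiple UIDs the sticky bit only stops users deleting each other's files; the 01770 layout additionally stops any non-Dovecot process from even listing or creating entries there, which is why the reply prefers it when deliver is not in the picture.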