Ubuntu – Default permissions for courier imap folders

Tags: courier, file-permissions, imap, Ubuntu

I'm using courier imap. When a mail client creates a new folder, it's created on the filesystem with 640 permissions. I need it to be writable by the group, or 660. I currently have IMAP_UMASK=007 in /etc/courier/imapd, but that's not enough.

I'm not sure what else to try. Any ideas? I'm using Ubuntu Server 12.04.


EDIT: I added a 50pt bounty to this. For an acceptable answer, I need a way to make it work from a package in a standard repo. If I download source and compile it myself, it won't be automatically kept up to date with security fixes.

If I don't find a better answer, I'll add code to the admin script to call another sudo-approved script to chmod -R the whole directory before every change. But this is kind of hack-ish.

Best Answer

Well, the stuff below is not going to work with the mail server, but in any case you can propagate the default folder permissions via the setfacl method shown below.

In case you want to change the way fopen works, I would use LD_PRELOAD on it and make fopen create with 660 instead of 600. The functions to be taken over would be e.g. umask, chown, mkdir, open.

umask(0)                                = 077
mkdir("/home/test/Maildir/.INBOX.test", 0700) = 0
chown("/home/test/Maildir/.INBOX.test", 4294967295, 4294967295) = 0
open("/home/test/Maildir/.INBOX.test/maildirfolder", O_WRONLY|O_CREAT, 0600) = 15
mkdir("/home/test/Maildir/.INBOX.test/cur", 0700) = 0

You might want to use setfacl and getfacl. setfacl -m d:g::rw aaa sets up the default permissions on the folder (so they are effectively inherited), so that the group (the default group, which is not specified here between the two colons) has both read and write permissions.

[test@test ~]$ setfacl -m d:g::rwx aaa
[test@test ~]$ getfacl aaa
# file: aaa
# owner: test
# group: test
user::rwx
group::---
other::---
default:user::rwx
default:group::rwx
default:other::---

[test@test ~]$ mkdir aaa/zzz
[test@test ~]$ getfacl aaa/zzz
# file: aaa/zzz
# owner: test
# group: test
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

[test@test ~]$ ls -l aaa
total 4
drwxrwx---+ 2 test test 4096 Jun 30 12:22 zzz
[test@test ~]$ umask
0077
[test@test ~]$
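
Added example, not part of the original answer: it replays the mode arguments from the trace above in a scratch directory, with and without the d:g::rwx default ACL, to show why neither a umask nor a default ACL makes those folders group-writable. The helper names and the scratch directory are constructed for illustration; the ACL case needs setfacl and a filesystem with ACL support, and is skipped otherwise.

```python
import os, shutil, stat, subprocess, tempfile

def created_mode(parent, name, mode, umask, is_dir=True):
    """Create `name` with the given mode argument and process umask and
    return the permission bits the kernel actually assigned."""
    path = os.path.join(parent, name)
    old = os.umask(umask)
    try:
        if is_dir:
            os.mkdir(path, mode)
        else:
            os.close(os.open(path, os.O_WRONLY | os.O_CREAT, mode))
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)

def replay(default_acl=None):
    """Replay the traced calls in a scratch directory (a constructed
    stand-in for ~/Maildir). Returns None when a default ACL was requested
    but could not be set (no setfacl, or no ACL support on the filesystem)."""
    root = tempfile.mkdtemp(prefix="maildir-demo-")
    try:
        if default_acl:
            ok = shutil.which("setfacl") and subprocess.run(
                ["setfacl", "-m", default_acl, root],
                capture_output=True).returncode == 0
            if not ok:
                return None
        return {
            # Mode arguments from the trace: umask(0), mkdir 0700, open 0600.
            "traced_dir": created_mode(root, ".INBOX.test", 0o700, 0o000),
            "traced_file": created_mode(
                root, ".INBOX.test/maildirfolder", 0o600, 0o000, False),
            # Same mkdir under umask 007: a umask only clears bits.
            "traced_dir_umask007": created_mode(root, ".INBOX.b", 0o700, 0o007),
            # A caller asking for 0777 under umask 077, like the shell mkdir.
            "dir_0777_umask077": created_mode(root, "zzz", 0o777, 0o077),
        }
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    for acl in (None, "d:g::rwx"):
        result = replay(acl)
        print(acl, result and {k: oct(v) for k, v in result.items()})
```

With the default ACL in place only the caller that requests 0777 ends up group-accessible (0770, umask ignored); the traced 0700 and 0600 requests stay owner-only, because the mode argument caps what the inherited ACL can grant.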