Dovecot will copy the mail root permissions when creating directories & folders.
Aki

On 12.04.2018 22:45, Rubén Fernández Asensio wrote:
>
> Hello all,
>
> I'm setting up an IMAP server with dovecot. I've set up system users
> with PAM authentication and Maildir mailboxes.
>
> I'd like to share mailboxes among them, but regardless of what I try,
> I bump into filesystem permissions.
>
> I want to have Maildirs created for new users with the right
> permissions. I even changed "UMASK" in file /etc/login.defs from 022
> to 002, but the Maildirs are still created with 700 permissions:
>
> ls -l /home/ximplet2/
> total 4
> drwx------ 9 ximplet2 users 4096 Apr 12 19:10 Maildir
>
> Really there's no better way than running "chmod -R g=u
> /home/ximplet2/Maildir" and "chmod g+s /home/ximplet2/Maildir" for
> every user? Really??
>
> I read that, before v.2, Dovecot had a "umask" option to do precisely
> what I need, but it was removed.
>
> How are we supposed to use ACL with system users nowadays?
>
> Rubeno
>
> P.S: my doveconf -n:
>
> # 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.19 (e5c7051)
> # OS: Linux 4.4.0-119-generic x86_64 Ubuntu 16.04.4 LTS
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_verbose_passwords = plain
> mail_access_groups = kundividantoj
> mail_location = maildir:~/Maildir:LAYOUT=fs
> mail_plugins = acl
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext imapsieve vnd.dovecot.imapsieve
> namespace {
>   list = yes
>   location = maildir:%%h/Maildir:INDEXPVT=~/Maildir/Komunujo/%%n
>   prefix = Komunujo/%%n/
>   subscriptions = no
>   type = shared
> }
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Malnetujo {
>     auto = subscribe
>     comment = Mesaĝoj ne finitaj nek senditaj
>     special_use = \Drafts
>   }
>   mailbox Rubujo {
>     auto = subscribe
>     autoexpunge = 120 days
>     comment = Ĉi tien iras la forviŝitaj mesaĝoj
>     special_use = \Trash
>   }
>   mailbox Senditujo {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Spamujo {
>     auto = create
>     autoexpunge = 30 days
>     comment = Mesaĝoj markitaj kiel ne deziritaj
>     special_use = \Junk
>   }
>   prefix =
>   subscriptions = yes
>   type = private
> }
> passdb {
>   driver = pam
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/var/lib/dovecot/kundividitaj/shared-mailboxes
>   imapsieve_mailbox1_before =
> file:/etc/dovecot/sieve/imapsieve/report-spam.sieve
>   imapsieve_mailbox1_causes = COPY FLAG
>   imapsieve_mailbox1_name = Spamujo
>   imapsieve_mailbox2_before =
> file:/etc/dovecot/sieve/imapsieve/report-ham.sieve
>   imapsieve_mailbox2_causes = COPY
>   imapsieve_mailbox2_from = Spamujo
>   imapsieve_mailbox2_name = *
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_after = /etc/dovecot/sieve/final
>   sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.debug
>   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.debug
>   sieve_pipe_bin_dir = /usr/bin
>   sieve_plugins = sieve_imapsieve sieve_extprograms
> }
> protocols = " imap lmtp sieve"
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group =
>     mode = 0777
>     user =
>   }
> }
> ssl = required
> ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
> ssl_key = # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> protocol lda {
>   mail_plugins = acl sieve
> }
> protocol imap {
>   mail_plugins = acl imap_acl imap_sieve
>
> }
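
Since the reply says Dovecot copies the mail root's permissions to the directories and folders it creates, the root's mode and group are the baseline for the whole tree. The script below is an added example, not part of the original thread or of Dovecot: it lists every directory under a Maildir whose mode or group differs from the root's. The function name `audit_maildir` is hypothetical, and GNU `stat` and `find` are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): list Maildir subdirectories whose
# mode or group differs from the mail root's. Assumes GNU stat and find.

# audit_maildir ROOT
#   Prints "<octal mode> <group> <path>" for every directory under ROOT
#   that deviates from ROOT itself.
#   Returns 0 if the tree is consistent, 1 if deviations were printed,
#   2 if ROOT is not a directory.
audit_maildir() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_maildir: not a directory: $root" >&2
        return 2
    fi

    # The mail root is the baseline the rest of the tree is compared against.
    want_mode=$(stat -c '%a' "$root")
    want_group=$(stat -c '%G' "$root")

    # %a prints setuid/setgid/sticky too, so a root of 2770 only matches
    # folders that also carry the setgid bit.
    find "$root" -mindepth 1 -type d -exec stat -c '%a %G %n' {} + |
        awk -v m="$want_mode" -v g="$want_group" '
            $1 != m || $2 != g { print; bad = 1 }
            END { exit bad + 0 }'
}

# Run against a path when one is given, e.g.:
#   sh audit_maildir.sh /home/ximplet2/Maildir
if [ "$#" -gt 0 ]; then
    audit_maildir "$1"
fi
```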