On Sat, 23 Jan 2016 19:29:36 +0100 Adam Wolk <adam.w...@tintagel.pl> wrote:
> Hi misc@
>
> I'm using OpenSMTPD set up according to [1]. OpenBSD's security(8)
> keeps complaining about the way I set up my maildir on the host.
>
> TL;DR: why is u+x on a user's maildir considered a bad practice?
>
> Running security(8):
>
> Checking mailbox ownership.
> user mulander mailbox is drwx------, group mulander
> user nemessica mailbox is drwx------, group nemessica
>
> Wanting to understand what I'm doing wrong I took a look at the code
> (as man security(8) only states that it checks maildir permissions, no
> details).
>
> Code performing the check is located in /usr/libexec/security
>
> # Mailboxes should be owned by the user and unreadable.
> sub check_mailboxes {
>
> I'm not exactly sure of the intent for the comment but the culprit in
> my case is the +x bit for the owner of the folder.
>
> Simply removing that leads to issues in my setup as dovecot sieve
> scripts can't traverse the directory and file mail accordingly.
>
> Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: stat(/var/mail/mulander/tmp) failed: Permission denied (euid=1000(mulander) egid=1000(mulander) missing +x perm: /var/mail/mulander, dir owner missing perms)
> Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: K8AnMgm+o1YvIwAAl8n8gw: sieve: msgid=<1453571593.2760914.500533218.6AFC4E87@webmail.messagingengine.com>: failed to store into mailbox 'INBOX': Internal error occurred. Refer to server log for more information. [2016-01-23 18:53:24]
> Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: K8AnMgm+o1YvIwAAl8n8gw: sieve: Execution of script /home/mulander/.dovecot.sieve was aborted due to temporary failure (user logfile /home/mulander/.dovecot.sieve.log may reveal additional details)
>
> Now obviously I treat security(8) warnings seriously but I would like
> to know why a +x flag is considered a bad practice here?
>
> Regards,
> Adam
>
> ---
>
> [1] http://blog.tintagel.pl/2015/05/08/accept-from-any-for-any-relay-via.html

After some IRC talk with ebarret we came to the following conclusions:

- the script assumes the mailbox is a file (in my case it's a maildir)
- the comment should say 'unreadable by others'

I think check_mailboxes should be altered when the target entry in
/var/mail is a directory. Instead of expecting u+rw it should expect
u+rwx in that specific case.

If no one raises issues with this I'll send a patch to tech@ modifying
security(8) to behave like that.

Regards,
Adam
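
The rule proposed in the message above (expect u+rw when the /var/mail entry is a file, u+rwx when it is a directory), written out as an added example in Perl. It is not the code from /usr/libexec/security and not part of the original post: the function names, the report wording and the sample spool are constructed for illustration, and the ownership check is left out.

```perl
#!/usr/bin/perl
# Added example: not the code shipped in /usr/libexec/security.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);

# Mode an entry in the mail spool must have, by type:
#   mbox file -> u+rw  (0600)
#   maildir   -> u+rwx (0700); the owner needs +x to reach tmp/, new/, cur/
# Returns undef for anything that is neither a regular file nor a directory.
sub expected_mode {
    my ($mode) = @_;
    return S_IRWXU           if S_ISDIR($mode);
    return S_IRUSR | S_IWUSR if S_ISREG($mode);
    return undef;
}

# Return a complaint string for one spool entry, or undef if it is fine.
# (Hypothetical helper; the wording only resembles the security(8) report.)
sub mode_complaint {
    my ($spool, $name) = @_;
    my @st = lstat "$spool/$name"    # lstat: never follow a symlink
        or return "cannot stat $name: $!";
    my $want = expected_mode($st[2]);
    return "user $name mailbox is not a file or directory"
        unless defined $want;
    my $have = S_IMODE($st[2]);      # includes setuid/setgid/sticky bits
    return undef if $have == $want;
    return sprintf 'user %s mailbox is %04o, expected %04o',
        $name, $have, $want;
}

# Constructed spool: one mbox file (alice) and three maildirs.
my $spool  = tempdir(CLEANUP => 1);
my %sample = (alice => 0600, bob => 0700, carol => 0750, dave => 0600);
for my $name (sort keys %sample) {
    if ($name eq 'alice') {
        open my $fh, '>', "$spool/$name" or die "create $name: $!";
        close $fh;
    } else {
        mkdir "$spool/$name" or die "mkdir $name: $!";
    }
    chmod $sample{$name}, "$spool/$name" or die "chmod $name: $!";
}
for my $name (sort keys %sample) {
    my $msg = mode_complaint($spool, $name);
    print defined $msg ? "$msg\n" : "user $name mailbox ok\n";
}
```

The maildir at 0700 passes, the group-readable one at 0750 is reported, and so is the directory at 0600, which is the state that produced the dovecot "missing +x perm" errors quoted above.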