Control: tags -1 wontfix
Hi,
On 10:56 Sat 23 Jul , Timo Sirainen wrote:
> Dovecot isn't really compatible with having mbox files being 0660 mode
> and having a shared (mail-)group. If the mode can't be changed to
> 0600, I don't think there's much that can be done now. I think it'll
>
On 23 Jul 2016, at 02:28, Apollon Oikonomopoulos wrote:
>
> Hi,
>
> On 18:05 Fri 22 Jul , Timo Sirainen wrote:
>> That would be a dangerous change. Users with shell access could
>> symlink (or hardlink) other peoples' inboxes to their own folders and
>> read them.
>
>
Hi,
On 18:05 Fri 22 Jul , Timo Sirainen wrote:
> That would be a dangerous change. Users with shell access could
> symlink (or hardlink) other peoples' inboxes to their own folders and
> read them.
IIUC, a more secure approach here would be to set mail_privileged_group
to 'mail' and leave
On Fri, 22 Jul 2016, Timo Sirainen wrote:
That would be a dangerous change. Users with shell access could symlink
(or hardlink) other peoples' inboxes to their own folders and read them.
Given that users in Debian are not members of group mail is it still a
risk?
--
Jaldhar H. Vyas
That would be a dangerous change. Users with shell access could symlink (or
hardlink) other peoples' inboxes to their own folders and read them.
> Francois Gouget kirjoitti 13.5.2016 kello 13.49:
>
> Package: dovecot-core
> Version: 1:2.2.23-1
> Severity: normal
>
> On Debian
tag 824212 +pending
thanks
On Fri, 13 May 2016, Francois Gouget wrote:
The fix is to set 'mail_access_groups = mail' in
/etc/dovecot/conf.d/10-mail.conf, which should be the default for the
Debian package.
I just wanted to let you know this change has been made and will appear in
our next
Package: dovecot-core
Version: 1:2.2.23-1
Severity: normal
On Debian the mail inboxes belong to the mail group as per the
SystemGroups policy:
https://wiki.debian.org/SystemGroups
| * mail: Mailboxes in /var/mail are owned by group mail, as explained
| in policy. The user and group are used
7 matches
Mail list logo