I'm using courier imap. When a mail client creates a new folder, it's created on the filesystem with 640 permission. I need it to be writable by the group, or 660. I currently have /etc/courier/imapd IMAP_UMASK=007, but that's not enough.

I'm not sure what else to try. Any ideas? I'm using Ubuntu Server 12.04.


EDIT: I added a 50pt bounty to this. For an acceptable answer, I need a way to make it work from a package in a standard repo. If I download source and compile it myself, it won't be automatically kept up to date with security fixes.

If I don't find a better answer, I'll add code to the admin script to call another sudo approved script to chmod -R the whole directory before every change. But this is kind of hack-ish.

EricP
  • Why do they need to be group-write? – staticsan Jun 22 '12 at 03:19
  • Each domain I host runs as a different user, and the user accounts can't access each other. But there's one master user (assigned to each group) that manages account operations for them all. – EricP Jun 22 '12 at 16:00
  • I'm not familiar with courier but did you try to give the write permission to the parent folder and turn on SGID? – quanta Jun 26 '12 at 15:04
  • Maybe you could try shared folders? You need to call maildirmake a bit differently - see http://www.flatmtn.com/article/setting-courier-imap#ImapCourier-10 for examples. – Marie Fischer Jun 27 '12 at 04:20
  • So what OS and FS are you using? – Andrew Smith Jun 30 '12 at 12:23

1 Answer

Well, the stuff below is not going to work with the mail server, but in any case you can propagate the default folder permission via the setfacl method shown below.

In case you want to change the way fopen works, I would use ld-preload on it, and make fopen use 660 instead of 600. Functions to be taken over would be e.g. umask, chown, mkdir, open.

umask(0)                                = 077
mkdir("/home/test/Maildir/.INBOX.test", 0700) = 0
chown("/home/test/Maildir/.INBOX.test", 4294967295, 4294967295) = 0
open("/home/test/Maildir/.INBOX.test/maildirfolder", O_WRONLY|O_CREAT, 0600) = 15
mkdir("/home/test/Maildir/.INBOX.test/cur", 0700) = 0

You might want to use setfacl and getfacl. setfacl -m d:g::rw aaa sets up the default permission on the folder (so it's like inherited), so that the group (the default group, which is not specified here between the two colons) would have both read and write permissions.

[test@test ~]$ setfacl -m d:g::rwx aaa
[test@test ~]$ getfacl aaa
# file: aaa
# owner: test
# group: test
user::rwx
group::---
other::---
default:user::rwx
default:group::rwx
default:other::---

[test@test~]$ mkdir aaa/zzz
[test@test ~]$ getfacl aaa/zzz
# file: aaa/zzz
# owner: test
# group: test
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

[test@test ~]$ ls -l aaa
total 4
drwxrwx---+ 2 test test 4096 Jun 30 12:22 zzz
[test@test ~]$ umask
0077
[test@test ~]$
Andrew Smith
  • IMHO ld-preload is most useful, but I don't have time to make something sensible, there are 2 or 3 structs I would really have to test properly – Andrew Smith Jul 17 '12 at 07:11
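
The trace in the answer shows why IMAP_UMASK=007 alone does not help: the daemon requests mode 0700 for the folder, and a umask can only clear bits from the requested mode, never add them. The C program below is an added example, not part of the original answer or of Courier's code; it reproduces that behaviour in a scratch directory and shows that an explicit chmod() afterwards is not subject to the umask. The function names and the /tmp scratch path are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Copy the owner's rwx bits onto the group: 0700 -> 0770, 0600 -> 0660. */
mode_t mirror_owner_to_group(mode_t mode)
{
    return mode | ((mode & S_IRWXU) >> 3);
}

/* mkdir() a folder with `requested` mode under umask `mask` inside a private
 * scratch directory and return the permission bits that ended up on disk.
 * With fixup != 0, chmod() the folder afterwards, which ignores the umask. */
mode_t mode_after_mkdir(mode_t mask, mode_t requested, int fixup)
{
    char base[] = "/tmp/maildir-demo-XXXXXX";   /* constructed scratch path */
    char child[64];
    struct stat st;
    mode_t result = (mode_t)-1;

    if (mkdtemp(base) == NULL)
        return result;
    snprintf(child, sizeof child, "%s/.INBOX.test", base);

    mode_t old = umask(mask);
    if (mkdir(child, requested) == 0 && stat(child, &st) == 0) {
        result = st.st_mode & 0777;
        if (fixup && chmod(child, mirror_owner_to_group(result)) == 0
                  && stat(child, &st) == 0)
            result = st.st_mode & 0777;
    }
    umask(old);

    rmdir(child);
    rmdir(base);
    return result;
}

int main(void)
{
    /* The daemon asks for 0700 (see the trace), so no umask can add g+rwx. */
    printf("0700, umask 007          -> %04o\n", (unsigned)mode_after_mkdir(007, 0700, 0));
    printf("0770, umask 007          -> %04o\n", (unsigned)mode_after_mkdir(007, 0770, 0));
    printf("0700, umask 077 + chmod  -> %04o\n", (unsigned)mode_after_mkdir(077, 0700, 1));
    return 0;
}
```

The first line of output stays at 0700 whatever the umask; only a changed requested mode, a later chmod, or an inherited default ACL produces group write access.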