Hi misc@
I'm using an OpenSMTPD setup configured according to [1]. OpenBSD's security(8) keeps
complaining about the way I set up my maildir on the host.
TL;DR: why is u+x on users' maildir considered a bad practice?
Running security(8):
Checking mailbox ownership.
user mulander mailbox is drwx------, group mulander
user nemessica mailbox is drwx------, group nemessica
Wanting to understand what I'm doing wrong I took a look at the code
(as man security(8) only states that it checks maildir permissions, no
details).
Code performing the check is located in /usr/libexec/security
# Mailboxes should be owned by the user and unreadable.
sub check_mailboxes {
I'm not exactly sure of the intent for the comment but the culprit in
my case is the +x bit for the owner of the folder.
Simply removing that leads to issues in my setup as dovecot sieve
scripts can't traverse the directory and file mail accordingly.
Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: stat(/var/mail/mulander/tmp) failed: Permission denied (euid=1000(mulander) egid=1000(mulander) missing +x perm: /var/mail/mulander, dir owner missing perms)
Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: K8AnMgm+o1YvIwAAl8n8gw: sieve: msgid=<[email protected]gengine.com>: failed to store into mailbox 'INBOX': Internal error occurred. Refer to server log for more information. [2016-01-23 18:53:24]
Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: K8AnMgm+o1YvIwAAl8n8gw: sieve: Execution of script /home/mulander/.dovecot.sieve was aborted due to temporary failure (user logfile /home/mulander/.dovecot.sieve.log may reveal additional details)
Now, obviously I treat security(8) warnings seriously, but I would like
to know why a +x flag is considered a bad practice here.
Regards,
Adam
---
[1]
http://blog.tintagel.pl/2015/05/08/accept-from-any-for-any-relay-via.html
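An added example, not from the post above and not OpenBSD's own /usr/libexec/security: a small POSIX sh audit of a spool directory under the assumed rule that an mbox file should be 0600 and a Maildir directory 0700 (the owner's +x being exactly the bit dovecot's stat() was missing), with any group/other bit reported for either kind. The rule, the function names and the file name audit_spool.sh are my assumptions, not what security(8) implements.

```sh
#!/bin/sh
# Added example, not OpenBSD's /usr/libexec/security: audit a mail spool.
# Assumed rule: an mbox file is 0600 and a Maildir directory is 0700, since
# the owner's +x is what lets the delivery agent traverse it (the stat()
# failure in the dovecot log above); any group/other bit is reported.

# Octal permission bits of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_mailbox PATH: print one diagnostic line; return 0 if the mode
# matches the rule, 1 if not, 2 if the path cannot be stat'ed.
audit_mailbox() {
    path=$1
    mode=$(mode_of "$path") || return 2
    if [ -d "$path" ]; then
        kind=Maildir expected=700
    else
        kind=mbox expected=600
    fi
    if [ "$mode" -eq "$expected" ]; then
        echo "ok: $path ($kind) mode $mode"
        return 0
    fi
    # the last two octal digits are the group and other classes
    go=${mode#"${mode%??}"}
    if [ "$go" != "00" ]; then
        echo "EXPOSED: $path ($kind) mode $mode readable by group/other"
    else
        echo "WARN: $path ($kind) mode $mode, expected $expected"
    fi
    return 1
}

# audit_spool DIR: audit every entry; the return value is the number of
# entries that failed the rule.
audit_spool() {
    failed=0
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue
        audit_mailbox "$entry" || failed=$((failed + 1))
    done
    return "$failed"
}
# Usage: sh audit_spool.sh /var/mail
if [ $# -gt 0 ]; then
    audit_spool "$1"
fi
```

Run against a spool, it accepts a 0700 Maildir directory but flags a 0700 mbox file and anything with group or other bits set.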