rawhide report: 20040109 changes
Alexandre Oliva
aoliva at redhat.com
Mon Jan 12 19:38:33 UTC 2004
On Jan 12, 2004, Gijs Hollestelle <gijs at gewis.nl> wrote:
> Alexandre Oliva wrote:
>> No, I only read its docs, just did again, and I don't see that it
>> supports preauth imap.
> Sounds like /usr/libexec/dovecot/imap does what you mean:
Cool. Looks like I didn't look at the docs hard enough :-)
Anyway, there's still a regression:
$ /usr/libexec/dovecot/imap
* PREAUTH [CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN LISTEXT LIST-SUBSCRIBED] Logged in as aoliva
0 select INBOX
imap(aoliva): Error: open(/var/spool/mail/aoliva.lock) failed: Permission denied
imap(aoliva): Error: file_lock_dotlock() failed with mbox file /var/spool/mail/aoliva: Permission denied
imap(aoliva): Error: open(/var/spool/mail/aoliva.lock) failed: Permission denied
imap(aoliva): Error: file_lock_dotlock() failed with mbox file /var/spool/mail/aoliva: Permission denied
0 NO Internal error [2004-01-12 17:06:26]
However, the regression may actually be a good thing. To wit:
$ imapd
* PREAUTH [CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] Pre-authenticated user aoliva free.redhat.lsd.ic.unicamp.br IMAP4rev1 2003.338rh at Mon, 12 Jan 2004 17:08:20 -0200 (BRST)
0 select INBOX
* 15 EXISTS
* NO Mailbox vulnerable - directory /var/spool/mail must have 1777 protection
[...]
Interesting... I'd never seen this warning before, since fetchmail
didn't report it to me. Fortunately, I only get this when running
imapd on my local mailbox (that is never read with imapd, so no
risk). I sort of prefer dovecot's behavior of refusing access instead
of offering risky access, so, no actual regression from where I
stand.
But then, we should probably do something such that dovecot/imap
actually worked under these conditions. Either revert to mode 1777
for /var/spool/mail/ (bad!) or make imap setgid mail (not so bad).
It should be possible to control the locking mechanisms used by it,
but I don't see how: libexec/dovecot doesn't even attempt to stat
/etc/dovecot.conf. And, worse, it saves local state in ~/Mail/.imap.
This means that, whenever I rsync my ~/Mail/ dir to the mailbox server
(that happens to also be where I keep a live copy of my data),
anything that was saved there before is gone. Now *that*'s bad. It's
definitely not a drop-in replacement for UW-imap.
I guess I could live with that, but it can be more of a pain for users
that download e-mail from systems in which /var/spool/mail has safer
permissions.
Ideally, it should be possible to tell dovecot/imap which directory to
use instead of mail/.imap or Mail/.imap with some env var or cmd line
flag.
--
Alexandre Oliva Enjoy Guarana', see http://www.ic.unicamp.br/~oliva/
Happy GNU Year! oliva@{lsd.ic.unicamp.br, gnu.org}
Red Hat GCC Developer aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist Professional serial bug killer
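
The trade-off raised in the message above (mode 1777 on /var/spool/mail versus a setgid mail binary), as an added example that is not part of the original post: a shell script that classifies a spool directory's mode and tries the same exclusive `<user>.lock` creation that failed for dovecot. It assumes GNU stat; the function names and labels are hypothetical, and the demo runs on a constructed temporary directory.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes GNU stat (-c '%a').
# Function names and labels are hypothetical.

# Octal mode of a directory, padded to four digits (1777, 0775, ...).
spool_mode() {
    sm=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    printf '%04d\n' "$sm"
}

# Classify who may create <user>.lock files in the spool directory.
classify_spool() {
    cm=$(spool_mode "$1") || return 2
    special=${cm%???}                 # setuid/setgid/sticky digit
    other=${cm#???}                   # permissions for everyone else
    group=${cm#??}; group=${group%?}  # permissions for the owning group
    if [ $(( other & 2 )) -ne 0 ]; then
        if [ $(( special & 1 )) -ne 0 ]; then
            echo world-writable-sticky   # mode 1777: any user can dotlock
        else
            echo world-writable-unsafe   # users can remove each other's files
        fi
    elif [ $(( group & 2 )) -ne 0 ]; then
        echo group-writable              # dotlock needs the directory's group
    else
        echo owner-only
    fi
}

# Try the dotlock step: create <dir>/<name>.lock exclusively, then remove it.
# An existing lock is left alone and reported as failure.
can_dotlock() {
    ( set -C; : > "$1/$2.lock" ) 2>/dev/null || return 1
    rm -f "$1/$2.lock"
}

# Demo on a constructed temporary directory, not the real spool.
demo() {
    dd=$(mktemp -d) || return 1
    for dm in 1777 0775 0755; do
        chmod "$dm" "$dd"
        echo "$dm -> $(classify_spool "$dd")"
    done
    rm -rf "$dd"
}
demo
```

A `group-writable` result together with a failing `can_dotlock` for an ordinary user matches the Permission denied errors shown in the message.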