This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 7 and 8
Revision 7 as of 2012-08-06 09:23:52
Size: 1054
Editor: p54A977A7
Comment: Link to page which explains the problem with file permission in /var/mail/* with more details
Revision 8 as of 2016-07-23 14:52:45
Size: 1210
Editor: TimoSirainen
Comment:
Line 12: Line 12:
 a. Give the mail process access to the group (e.g. {{{mail_access_groups=mail}}} setting).  a. Give the mail process access to the group (e.g. {{{mail_access_groups=mail}}} setting). However, this is dangerous. [[http://dovecot.org/list/dovecot-news/2008-March/000060.html|It allows users with shell access to read other users' INBOXes]].
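Review bot: the sentence added to item a. warns that mail_access_groups=mail is dangerous but does not tell the reader what to do instead, and the consequence is stated only as link text. Suggest saying in the item itself that the other option (changing the permissions so that the group isn't copied) is preferred. Also keep "It allows users with shell access to read other users' INBOXes" as plain text followed by the link, so the warning survives if the list archive URL goes away.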

Operation Not Permitted

imap(user): Error: chown(/home/user/mail/.imap/INBOX, group=12(mail)) failed: Operation not permitted (egid=1000(user), group based on /var/mail/user - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)

This means that Dovecot tried to copy the group (mail) of the /var/mail/user file to the index file directory it was creating (/home/user/mail/.imap/INBOX), but the process didn't belong to the mail group, so the chown failed. Copying the group is important for preserving access permissions with shared mailboxes. It is done only when the group actually changes the access permissions: for example, with mode 0600 or 0666 the group doesn't matter at all, but with 0660 or 0640 it does.

There are only two ways to solve this problem:

  1. If the group doesn't actually matter, change the permissions so that the group isn't copied (e.g. chmod 0600 /var/mail/*, see MailLocation/mbox)

  2. Give the mail process access to the group (e.g. mail_access_groups=mail setting). However, this is dangerous. It allows users with shell access to read other users' INBOXes (see http://dovecot.org/list/dovecot-news/2008-March/000060.html).
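
To see which spool files the first option would have to change, the following check lists the mbox files whose group affects access. It is an added example, not Dovecot's own code: the comparison of group bits against "other" bits is an assumed rule that agrees with the four modes named above, and the function names and default path are illustrative.

```python
import os
import stat
import sys


def group_matters(mode):
    """True when the group bits differ from the 'other' bits.

    Assumed rule, consistent with the page's examples:
    0600 and 0666 -> group irrelevant; 0660 and 0640 -> group matters.
    """
    group_bits = (mode & 0o070) >> 3
    other_bits = mode & 0o007
    return group_bits != other_bits


def audit_spool(spool_dir):
    """Return [(path, octal_mode, gid)] for regular files whose group matters."""
    findings = []
    with os.scandir(spool_dir) as entries:
        for entry in sorted(entries, key=lambda e: e.name):
            st = entry.stat(follow_symlinks=False)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip directories, symlinks and other non-mbox entries
            perms = stat.S_IMODE(st.st_mode)
            if group_matters(perms):
                findings.append((entry.path, format(perms, "04o"), st.st_gid))
    return findings


if __name__ == "__main__":
    # Default path is the spool directory used in the page's example.
    spool = sys.argv[1] if len(sys.argv) > 1 else "/var/mail"
    for path, perms, gid in audit_spool(spool):
        print(f"{path}: mode {perms}, gid {gid}: group would be copied")
```

An empty result means no file in the spool would trigger the group copy, so the chown error should not occur for that directory.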

None: Errors/ChgrpNoPerm (last edited 2016-07-23 14:52:45 by TimoSirainen)