diff dovecot-example.conf @ 7341:af998ae4254b HEAD
Replaced mail_extra_groups setting with mail_privileged_group and
mail_access_groups settings. mail_privileged_group allows temporary access
to the group when creating mbox INBOX dotlocks.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 04 Mar 2008 07:54:53 +0200 |
parents | da971cec0395 |
children | 4c093cfa8756 |
--- a/dovecot-example.conf Tue Mar 04 07:54:41 2008 +0200 +++ b/dovecot-example.conf Tue Mar 04 07:54:53 2008 +0200 @@ -269,12 +269,17 @@ #mail_uid = #mail_gid = -# Grant access to these extra groups for mail processes. Typical use would be -# to give "mail" group write access to /var/mail to be able to create dotlocks. -# WARNING: If your users can create symlinks, this will allow the users to -# read any files that are group-readable by one of these groups! Make sure at -# least all the common mailboxes have 0600 permissions (or a different group). -#mail_extra_groups = +# Group to enable temporarily for privileged operations. Currently this is +# used only for creating mbox dotlock files when creation fails for INBOX. +# Typically this is set to "mail" to give access to /var/mail. +#mail_privileged_group = + +# Grant access to these supplementary groups for mail processes. Typically +# these are used to set up access to shared mailboxes. Note that it may be +# dangerous to set these if users can create symlinks (e.g. if "mail" group is +# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' +# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). +#mail_access_groups = # Allow full filesystem access to clients. There's no access checks other than # what the operating system does for the active UID/GID. It works with both
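Review bot: In the new mail_access_groups comment, the symlink risk is softened from "WARNING:" to "Note that it may be dangerous", and the mitigation from the removed text ("Make sure at least all the common mailboxes have 0600 permissions (or a different group)") is dropped. The two ln -s examples show the exposure still applies to any group listed here, so I would keep the WARNING prefix and carry the permissions advice over. Separately, the mail_extra_groups comment is removed with no pointer for existing configurations: the old text's typical use ("mail" group write access to /var/mail for dotlocks) now matches mail_privileged_group, not mail_access_groups, and a one-line note under mail_privileged_group saying so would keep an upgrading admin from moving "mail" into mail_access_groups, which is exactly the case the new comment calls dangerous.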