Dovecot version 1.0rc15 for CentOS/RHEL 4, tighter permissions for homes

#1 Fri, 02/23/2007 - 18:17
Joe


Hi all,

I've rolled out a somewhat experimental (but much needed) package of Dovecot version 1.0rc15 for CentOS/RHEL 4 on i386 and x86_64. This upgrade fixes an irritating limitation of Dovecot 0.99, as provided by the OS software repositories. Specifically, older versions do not support group membership, and so the full path to each user's home must be readable by world, if Maildir mail spools are being used (this applies to everyone with a default Virtualmin Professional installation). With the 1.0 version, this limitation no longer applies, and homes can default to 0750 permissions.

This update is recommended for everyone running CentOS or RHEL version 4. It has been tested to behave correctly in every circumstance I could think of, and we've been running this version, and a couple of earlier versions, on Virtualmin.com for several weeks without incident.

Versions for other operating systems (excluding those systems that already have a recent version) will be rolled out over the next 24-36 hours.

To upgrade on CentOS or RHEL:

    yum update dovecot

Please note any errors, and let me know about them in the bug tracker. The expected behavior for systems with an old version of Dovecot is either no messages (other than the usual installation progress bar), or this notice: "Found old dovecot.conf, saved to /etc/dovecot.conf.rpmsave" if your dovecot.conf has ever been modified. If this message occurs, you may need to re-apply any changes you made to your Dovecot configuration. The Webmin Dovecot module supports both the old and new syntax, so you can use Webmin to make changes, if you like.

And now...the fun part!

Once you've updated your Dovecot version, you can set up Webmin to create new homes with 750 permissions. To do that, browse to Webmin's Users and Groups module in the System category. Click on the "Module Config" in the upper left corner of the right content panel.

In the "Home directory options" section, change "Permissions on new home directories" from 0755 to 0750. Save it.

Finally, change the permissions on your existing directories with:

    cd /home
    chmod 750 *

All done! Your directories are now locked down tight as a drum, but you can still pick up your mail.

As always, if anything goes wrong, let us know. We'll help you fix it--anything that can go wrong during this process is pretty easy to fix, so don't panic.
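
An added example, not part of the original post: a report-then-tighten check for the `chmod` step above. It assumes homes sit directly under one base directory, and it uses `chmod o-rwx` instead of `chmod 750 *` so that files and homes already stricter than 0750 are left untouched; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): audit home directories for
# "other" permission bits, then remove only those bits.
# Assumption: each home is a directory directly under the base (e.g. /home).

# Print every directory directly under $1 that grants any access to "other".
list_loose_homes() {
    base=$1
    for d in "$base"/*; do
        # Skip plain files and symlinks (chmod would follow a symlink).
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        # -prune tests only $d itself; -perm -N is true when that bit is set.
        find "$d" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Remove "other" access from the directories reported above.
# A default 0755 home becomes 0750; a 0700 home is never loosened.
tighten_homes() {
    base=$1
    list_loose_homes "$base" | while IFS= read -r d; do
        chmod o-rwx "$d" && printf 'tightened %s\n' "$d"
    done
}

# Report only when a base directory is given, e.g.: sh audit_homes.sh /home
if [ "$#" -gt 0 ]; then
    list_loose_homes "$1"
fi
```

Run the report first and review it; call `tighten_homes /home` only once the list contains nothing that must stay world-accessible.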