Permissions in /home/yellowtent/boxdata/mail/vmail/* are inconsistently applied

d19dotca

Hello,

I noticed that the permissions seem inconsistent when looking into the /home/yellowtent/boxdata/mail/vmail/ folder listing of mailboxes.

$ sudo ls -alh /home/yellowtent/boxdata/mail/vmail/
total 164K
drwxr-xr-x 41 yellowtent yellowtent 4.0K Jun 16 06:50 .
drwxr-xr-x  9 yellowtent yellowtent 4.0K May 30 06:10 ..
drwxr--r--  4 yellowtent yellowtent 4.0K Jun 12 19:43 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K Jun 16 06:33 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun 13 15:11 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun 15 15:06 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K Jun 16 06:31 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K May 31 04:36 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K May 30 12:09 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K Jun 15 01:00 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun 15 12:07 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun 14 14:54 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K Jun 15 22:24 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun 15 14:34 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K Jun  1 21:28 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K Jun 15 22:38 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun 15 21:27 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun  8 06:14 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun  8 06:14 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K Jun 15 18:28 <email@example.com>
-rw-r--r--  1 yellowtent yellowtent    0 Jun 16 06:50 shared-mailboxes.db
drwxr--r--  4 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwxr--r--  4 yellowtent yellowtent 4.0K Jun  9 20:31 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>
drwx------  3 yellowtent yellowtent 4.0K Jun 16 06:50 <email@example.com>
drwxr-xr-x  4 yellowtent yellowtent 4.0K May 31 21:58 <email@example.com>
drwxr-xr-x  3 yellowtent yellowtent 4.0K May 30 06:10 <email@example.com>

I also noticed differences in the permissions on the roundcube.sieve file for example too:

-rw------- 1 yellowtent yellowtent  260 May 29 22:40 roundcube.sieve
-rw-r--r-- 1 yellowtent yellowtent  253 Jun 16 06:44 roundcube.sieve

What should the correct permissions be? What commands could I run to batch-fix these across all mailboxes in the Cloudron server?

Context: I discovered this while trying to batch review mailbox sieve filters with this command: nano /home/yellowtent/boxdata/mail/vmail/*/sieve/roundcube.sieve - I had noticed before last month sometime that when running that command it'd rotate through every sieve filter file named roundcube.sieve when closing the file in nano, but today when trying to do the same thing I suddenly only see a few filters rather than 20+ I see just several today. This led me to looking at the permissions to determine what was different and noticed differences not only on the roundcube.sieve filter but the actual mailbox directories.

girish

@d19dotca These directories are created and managed by dovecot. The permissions on a quick look seems fine to me, what is it that you are trying to solve? Or are you just wondering why those permissions are like that?

d19dotca

@girish I'd just assume these permissions should be consistent, no? What I was trying to do was run a command like nano /home/yellowtent/boxdata/mail/vmail/*/sieve/roundcube.sieve to edit all the sieve filters for the mailboxes. Not too long ago (maybe a few weeks ago) I was able to run that command and edit them all. Now, it only loads a few of them. I'm unsure what changed, and that's when I noticed the permissions discrepancies in the vmail folder.

girish

@d19dotca Inspecting a few mail servers that I can ssh into it seems all the sieve files are -rw------- and all the mailboxes are drwx------. Was this server restored from a backup by any chance? If so, that would maybe explain the discrepancy. But even then I am not sure why some of the mailbox folders have pretty bizzare permissions like "r-x" for group/others. I think you can safely change the permissions to the ones I listed above.

d19dotca

@girish It hasn't been restored from a backup too recently but yes it has in its lifetime for sure, mostly from migrations to different servers / providers using Cloudron's backup/restore process. Curious, why would restoring from a backup explain the discrepancy? If it is changing the permissions on restore, I assume that behaviour would indicate a defect, or am I misunderstanding this?

girish

@d19dotca Sorry for the delay, missed this one. The backups do not have the file permissions or ownership saved as part of the backup. So, when it restores, it just restores it with permissions and ownership which is possibly different from what it backed up as. We rely on the app packages to fix up permissions before they start up (this is why all packages do a chown in their startup.sh). I guess we can do similar for the mail container startup logic. I am assuming this is just a discrepancy you noted and not causing any actual problem? If so, I would just ignore it for now, it's not really a problem. I think dovecot creates files in a very "strict" away because dovecot can be configured to use real users which Cloudron does not use (we use virtual users i.e users are not linux/OS users).

d19dotca

@girish said in Permissions in /home/yellowtent/boxdata/mail/vmail/* are inconsistently applied:

I am assuming this is just a discrepancy you noted and not causing any actual problem?

Correct, it's just a discrepancy I noticed, I am unaware of any issues caused by it other than impeding my ability to edit everyone's sieve files quickly.

girish

@d19dotca Ah good point about editing those files. In the next release, I am hoping to make the filemanager be able to edit mail data (so admins can setup sieve rules etc for a mailbox), so this will atleast partly fix that issue.