[Dovecot] dovecot non-local users

Timo Sirainen tss at iki.fi
Wed Jun 16 04:08:49 EEST 2004


On Wed, 2004-06-16 at 03:51, Tom Allison wrote:
> Having one uid per user would mean that in case of a security hole in
> Dovecot, the user still couldn't read other people's mails. Use this if
> possible.
> 
> -----
> 
> I don't quite understand this one.
> If you aren't a local user, what's the uid all about?

"in case of a security hole", i.e. if an attacker finds a way to execute
arbitrary code in the imap/pop3 process. Of course there never will be
such holes ;)

> Do I do something like:
> create a user for mydomain in /etc/passwd (eg: user:domain_dude, 
> home:/var/dovecot) with a valid home/uid/gid.
> Plug in the uid/gid/home for domain_dude in the authentication and have 
> a data structure of /var/dovecot/%d/%n/Maildir
> or %h/%d/%d/Maildir where %h = "/var/dovecot" via /etc/passwd.

If the home is domain-wide, it'd probably be better to point the home
directory to /var/dovecot/domain and use %h/%n/Maildir in
default_mail_env.

Keeping the home directory somewhere the user has write access to
might be useful sooner or later (e.g. to get core dumps written).

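The thread's security argument is that the per-user uid is what contains a compromised imap/pop3 process: if every Maildir is owned by a different uid and is not group- or world-readable, code running as one user cannot read another user's mail. The following audit script is an added example for this list post, not Dovecot's own code; it walks the /var/dovecot/<domain>/<user>/Maildir layout discussed above (the root path and sample uids are assumptions) and reports Maildirs that share a uid or carry group/other permission bits. The audit itself runs on plain (path, uid, mode) records, so it can be exercised on constructed data without root.

```python
import os
import stat
import sys
from collections import defaultdict

# Constructed sample records in the shape os.stat() would give for a
# /var/dovecot/<domain>/<user>/Maildir layout. Paths and uids are hypothetical.
SAMPLE = [
    ("/var/dovecot/example.org/alice/Maildir", 1001, 0o700),
    ("/var/dovecot/example.org/bob/Maildir", 1002, 0o700),
    ("/var/dovecot/example.org/carol/Maildir", 1002, 0o700),  # shares bob's uid
    ("/var/dovecot/example.net/dave/Maildir", 1003, 0o755),   # group/world readable
]


def audit(records):
    """Check per-user isolation of Maildirs.

    records: iterable of (path, uid, mode) tuples.
    Returns a sorted list of (path, problem) pairs; an empty list means every
    Maildir has its own uid and no group/other permission bits.
    """
    problems = []
    owners = defaultdict(list)
    for path, uid, mode in records:
        owners[uid].append(path)
        # Any group/other bit lets a process running as a different uid read
        # (or traverse into) the Maildir, defeating the per-user uid scheme.
        loose = mode & (stat.S_IRWXG | stat.S_IRWXO)
        if loose:
            problems.append((path, "group/other permission bits 0o%03o" % loose))
    for uid, paths in owners.items():
        # Two Maildirs with the same uid are readable by each other's owner.
        if len(paths) > 1:
            for path in paths:
                problems.append((path, "uid %d shared with %d other Maildir(s)"
                                 % (uid, len(paths) - 1)))
    return sorted(problems)


def collect(root):
    """Gather (path, uid, mode) for every <root>/<domain>/<user>/Maildir."""
    records = []
    for domain in sorted(os.listdir(root)):
        domain_dir = os.path.join(root, domain)
        if not os.path.isdir(domain_dir):
            continue
        for user in sorted(os.listdir(domain_dir)):
            maildir = os.path.join(domain_dir, user, "Maildir")
            if os.path.isdir(maildir):
                st = os.stat(maildir)
                records.append((maildir, st.st_uid, stat.S_IMODE(st.st_mode)))
    return records


if __name__ == "__main__":
    # Audit a real tree if a root is given, otherwise the constructed sample.
    records = collect(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for path, problem in audit(records):
        print("%s: %s" % (path, problem))
```

Run as `python3 audit_maildirs.py /var/dovecot` on a live system; an empty report means the uid-per-user separation the post recommends actually holds on disk. Note that the check only covers the Maildir directory itself, so dovecot's own process model (one imap process per login, running as the userdb's uid) is still what the isolation relies on.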
