[Dovecot] dovecot non-local users
Timo Sirainen
tss at iki.fi
Wed Jun 16 04:08:49 EEST 2004
On Wed, 2004-06-16 at 03:51, Tom Allison wrote:
> Having one uid per user would mean that in case of a security hole in
> Dovecot, the user still couldn't read other people's mails. Use this if
> possible.
>
> -----
>
> I don't quite understand this one.
> If you aren't a local user, what's the uid all about?

"in case of a security hole", i.e. if an attacker finds a way to execute
arbitrary code in the imap/pop3 process. Of course there never will be
such holes ;)

> Do I do something like:
> create a user for mydomain in /etc/passwd (eg: user:domain_dude,
> home:/var/dovecot) with a valid home/uid/gid.
> Plug in the uid/gid/home for domain_dude in the authentication and have
> a data structure of /var/dovecot/%d/%n/Maildir
> or %h/%d/%d/Maildir where %h = "/var/dovecot" via /etc/passwd.

If the home is domain-wide, it'd probably be better to point the home
directory to /var/dovecot/domain and use %h/%n/Maildir in
default_mail_env.

Keeping the home directory somewhere where the user has write access to
might be useful sooner or later (e.g. to get core dumps written).
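
The following is an added example, not part of the original message and not Dovecot's own code: a small audit that reads passwd-file-style entries, reports which virtual accounts share a uid (and so would not be isolated from each other if the imap/pop3 process were compromised), and expands the %h/%n/Maildir layout suggested above. The sample entries, the function names and the assumed field order user:password:uid:gid:gecos:home are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample entries; assumed layout: user:password:uid:gid:gecos:home
SAMPLE = """\
# example.org: one uid per user, domain-wide home
alice@example.org:x:2001:2001::/var/dovecot/example.org
bob@example.org:x:2002:2002::/var/dovecot/example.org
# example.net: both users share uid 2100
carol@example.net:x:2100:2100::/var/dovecot/example.net
dave@example.net:x:2100:2100::/var/dovecot/example.net
"""

def parse(text):
    """Yield one dict per entry, skipping blank lines and comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 6:
            raise ValueError(f"short entry: {line!r}")
        name, _, domain = f[0].partition("@")
        yield {"user": f[0], "n": name, "d": domain,
               "uid": int(f[2]), "gid": int(f[3]), "home": f[5]}

def expand(template, entry):
    """Expand %h (home), %n (user part), %d (domain), %u (full name), %%."""
    subs = {"h": entry["home"], "n": entry["n"], "d": entry["d"],
            "u": entry["user"], "%": "%"}
    # An unknown variable raises KeyError instead of yielding a wrong path.
    return re.sub(r"%(.)", lambda m: subs[m.group(1)], template)

def audit(text, template="%h/%n/Maildir"):
    """Return (shared, maildirs): uids used by several accounts, and
    the expanded mail directory of every account."""
    by_uid, maildirs = defaultdict(list), {}
    for entry in parse(text):
        by_uid[entry["uid"]].append(entry["user"])
        maildirs[entry["user"]] = expand(template, entry)
    shared = {uid: users for uid, users in by_uid.items() if len(users) > 1}
    return shared, maildirs

if __name__ == "__main__":
    shared, maildirs = audit(SAMPLE)
    for uid, users in shared.items():
        print(f"uid {uid} is shared by: {', '.join(users)}")
    for user, path in maildirs.items():
        print(f"{user} -> {path}")
```
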