[Dovecot] Chrooting dovecot.

Dan Stromberg strombrg at dcs.nac.uci.edu
Tue Mar 15 23:31:45 EET 2005


On Tue, 2005-03-15 at 23:19 +0200, Timo Sirainen wrote:
> On Sun, 2005-03-13 at 23:41 -0800, BSD Mail wrote:
> > root     dovecot    481   5  tcp4   10.0.1.4:993          *:*
> > root     dovecot    481   6  tcp4   10.0.1.4:995          *:*
> > 
> > Fine for the first six lines it's doing what it's doing. But the last
> > two lines are running as root. That is why I want to chroot the
> > server. I would like if anyone can point me to some howto or notes on
> > how to do so. If there is none I will have to configure a jail just
> > for this purpose.
> 
> The chrooting options in config file are meant for chrooting login,
> auth, imap and pop3 processes. By default it's chrooting login
> processes. Having the master process itself chrooted isn't supported.. 
> 
> Does FreeBSD prevent root user from escaping chroot? Last I heard Linux
> didn't even try.

FreeBSD "jails", I gather, are more effective than chroot().

Similar in concept to Solaris 10's new "Zones".

chroot() is better than nothing, in some cases though.  A measure
doesn't have to be 100% effective, to be worth bothering with.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20050315/fa9dd1f1/attachment.pgp


More information about the dovecot mailing list