[Dovecot] Chrooting dovecot.
Dan Stromberg
strombrg at dcs.nac.uci.edu
Tue Mar 15 23:31:45 EET 2005
On Tue, 2005-03-15 at 23:19 +0200, Timo Sirainen wrote:
> On Sun, 2005-03-13 at 23:41 -0800, BSD Mail wrote:
> > root dovecot 481 5 tcp4 10.0.1.4:993 *:*
> > root dovecot 481 6 tcp4 10.0.1.4:995 *:*
> >
> > Fine for the first six lines it's doing what it's doing. But the last
> > two lines are running as root. That is why I want to chroot the
> > server. I would like if anyone can point me to some howto or notes on
> > how to do so. If there is none I will have to configure a jail just
> > for this purpose.
>
> The chrooting options in config file are meant for chrooting login,
> auth, imap and pop3 processes. By default it's chrooting login
> processes. Having the master process itself chrooted isn't supported..
>
> Does FreeBSD prevent root user from escaping chroot? Last I heard Linux
> didn't even try.
FreeBSD "jails", I gather, are more effective than chroot().
Similar in concept to Solaris 10's new "Zones".
chroot() is better than nothing, in some cases though. A measure
doesn't have to be 100% effective, to be worth bothering with.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20050315/fa9dd1f1/attachment-0001.bin>
More information about the dovecot
mailing list