[Dovecot] dovecot.conf permissions

Timo Sirainen tss at iki.fi
Thu Jul 24 21:27:54 EEST 2008


On Thu, 2008-07-24 at 10:18 +0200, Dan Horák wrote:
> Hi,
> 
> I have a little problem with defining the right permissions for
> dovecot.conf. The main problem is that the password for SSL certificates
> is stored there and the conf file is world readable by default, which
> makes a security problem [1]. It is not a problem to restrict the
> permissions to 0600, dovecot will still work, but then deliver cannot
> work as it reads the conf too, but it runs under arbitrary user. So my
> last iteration is 0640 as permission and root:mail as ownership, but
> that expects that deliver is run with group = mail. For the long term
> solution I would prefer to move the password into a separate config file
> so the permissions can be properly restricted there. What are your
> opinions?

Config file including will be supported some day. Also you could start
Dovecot with -p parameter and specify the password there.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080724/99c75c1f/attachment.bin 


More information about the dovecot mailing list