[Dovecot] Dovecot 2.0beta3: Auth master process is now running as default_internal_user

Timo Sirainen tss at iki.fi
Tue Mar 16 21:57:03 EET 2010


On Sun, 2010-03-14 at 20:41 +0100, Thomas Leuxner wrote:
> Hi,
> 
> with 'changeset 10910' the Auth master process is running as
> 'default_internal_user' now (dovecot). This requires permissions
> tuning for 'passwd-files' at least, while other plugins would run in a
> different user context, 'vmail' in my setup. I see that this may be
> safer, just wondering how to streamline the config:
> 
> [20:27] root spectre:/var/vmail/conf.d# l
> drwxr-x--- 4 dovecot vmail 4096 2010-03-14 17:40 leuxner.net
..
> drwx------ 2 vmail   vmail 4096 2010-03-14 13:09 acls

Why does vmail own any of these files? Dovecot accesses them only via
dovecot-auth. Do you have something else that needs to read/write them
as vmail?

I think the best solutions are (in order):

1) Create a new doveauth user that has read (but no write) access to the
files. Use doveauth for auth process.

2) Use root user for files and auth process.

3) Use dovecot user for files and auth process.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20100316/5bc21580/attachment.bin 


More information about the dovecot mailing list