[Dovecot] Dovecot 2.0beta3: Auth master process is now running as default_internal_user
Timo Sirainen
tss at iki.fi
Tue Mar 16 21:57:03 EET 2010
On Sun, 2010-03-14 at 20:41 +0100, Thomas Leuxner wrote:
> Hi,
>
> with 'changeset 10910' the Auth master process is running as
> 'default_internal_user' now (dovecot). This requires permissions
> tuning for 'passwd-files' at least, while other plugins would run in a
> different user context, 'vmail' in my setup. I see that this may be
> safer, just wondering how to streamline the config:
>
> [20:27] root spectre:/var/vmail/conf.d# l
> drwxr-x--- 4 dovecot vmail 4096 2010-03-14 17:40 leuxner.net
..
> drwx------ 2 vmail vmail 4096 2010-03-14 13:09 acls
Why does vmail own any of these files? Dovecot accesses them only via
dovecot-auth. Do you have something else that needs to read/write them
as vmail?
I think the best solutions are (in order):
1) Create a new doveauth user that has read (but no write) access to the
files. Use doveauth for auth process.
2) Use root user for files and auth process.
3) Use dovecot user for files and auth process.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20100316/5bc21580/attachment.bin
More information about the dovecot
mailing list