[Dovecot] dovecot user
tss at iki.fi
Thu Mar 25 20:30:55 EET 2010
I think the next v2.0 release (rc1?) will include the new changed
default_login_user. I'm still not completely sure what it is though. Two
"dovenest" (by Pascal Volk) - although reminds me a bit too much of
"dovehole" - you go inside dovecot via a hole, right?
On Sat, 2010-01-23 at 14:51 +0200, Timo Sirainen wrote:
> Any thoughts on this:
> The primary use for "dovecot" user has been for login processes. But
> people keep misunderstanding this and try to use dovecot for accessing
> mails. For years I've been wondering about renaming this user to
> something else like dovelogin, but it never really seemed practical.
> So now with v2.0 there are a bunch of new processes, and for example
> anvil and dict are now run as dovecot user by default. But it's not
> really good that login processes can just go and kill those processes.
> And even worse, if drop_priv_before_exec=yes they could ptrace these
> So I think we need two Dovecot users for v2.0:
> 1. Completely untrusted user for login processes.
> 2. Slightly more trusted internal Dovecot user.
> So "dovecot" could be reused for 2. And it would no longer be a mortal
> sin to use dovecot user for owning mail files. For 1. there would be a
> new user. I'd use "dovelogin", but apparently tools still don't much
> like usernames that are longer than 8 characters. Like ps could show
> numeric uid instead of 9 character long username. So .. any suggestions?
> "dovlogin" could be one possibility I guess. It would be nice if the
> name somehow reminded of login processes, but maybe something else could
> be used too, like: dovenil, dovenull, dovezero, dovenone, dovevoid,
> doveint, dovedown, dovein, dove0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20100325/dd5ae3c4/attachment.bin
More information about the dovecot