[Dovecot] Post-login scripting with mail_drop_priv_before_exec in dovecot2

Mark Zealey mark.zealey at webfusion.com
Mon May 9 16:19:23 EEST 2011


Hi,

I'm in the process of upgrading from dovecot v1.1 to dovecot 2. We fetch 
uid/gid user information from a database and also use post-login 
scripting with mail_drop_priv_before_exec = yes which means the 
postlogin script is executed with the permissions of the user we have 
found in the database.

According to the dovecot2 wiki page, to get this behaviour in version 2 
we have to set the post-login script to run as root and then su to the 
user. This seems a bit of a strange (and insecure as you might forget) 
way of doing this. Are there any other options, such as fetching a 
certain column name from the database to set the value of service 
imap-postlogin { user } or setting something like user = $user in the 
configuration? (or is the configuration only read at startup so such 
dynamic configuration can't be done in the service section?)

Cheers,

Mark

