[Dovecot] Post-login scripting with mail_drop_priv_before_exec in dovecot2
Mark Zealey
mark.zealey at webfusion.com
Mon May 9 16:19:23 EEST 2011
Hi,

I'm in the process of upgrading from dovecot v1.1 to dovecot 2. We fetch
uid/gid user information from a database and also use post-login
scripting with mail_drop_priv_before_exec = yes which means the
postlogin script is executed with the permissions of the user we have
found in the database.

According to the dovecot2 wiki page, to get this behaviour in version 2
we have to set the post-login script to run as root and then su to the
user. This seems a bit of a strange (and insecure, as you might forget)
way of doing this. Are there any other options, such as fetching a
certain column name from the database to set the value of service
imap-postlogin { user } or setting something like user = $user in the
configuration? (Or is the configuration only read at startup so such
dynamic configuration can't be done in the service section?)

Cheers,

Mark