[Dovecot] Post-login scripting with mail_drop_priv_before_exec in dovecot2
Timo Sirainen
tss at iki.fi
Mon May 9 19:45:56 EEST 2011
On Mon, 2011-05-09 at 16:19 +0300, Mark Zealey wrote:
> I'm in the process of upgrading from dovecot v1.1 to dovecot 2. We fetch
> uid/gid user information from a database and also use post-login
> scripting with mail_drop_priv_before_exec = yes which means the
> postlogin script is executed with the permissions of the user we have
> found in the database.
>
> According to the dovecot2 wiki page, to get this behaviour in version 2
> we have to set the post-login script to run as root and then su to the
> user. This seems a bit of a strange (and insecure as you might forget)
> way of doing this. Are there any other options, such as fetching a
> certain column name from the database to set the value of service
> imap-postlogin { user } or setting something like user = $user in the
> configuration? (or is the configuration only read at startup so such
> dynamic configuration can't be done in the service section?)
There is no good way to do this. Maybe you should replace your
post-login script with a Dovecot plugin that runs on mail_user_created
hook and then calls your script with system().
More information about the dovecot
mailing list