[Dovecot] Post-login scripting with mail_drop_priv_before_exec in dovecot2

Timo Sirainen tss at iki.fi
Mon May 9 19:45:56 EEST 2011


On Mon, 2011-05-09 at 16:19 +0300, Mark Zealey wrote:

> I'm in the process of upgrading from dovecot v1.1 to dovecot 2. We fetch 
> uid/gid user information from a database and also use post-login 
> scripting with mail_drop_priv_before_exec = yes which means the 
> postlogin script is executed with the permissions of the user we have 
> found in the database.
> 
> According to the dovecot2 wiki page, to get this behaviour in version 2 
> we have to set the post-login script to run as root and then su to the 
> user. This seems a bit of a strange (and insecure as you might forget) 
> way of doing this. Are there any other options, such as fetching a 
> certain column name from the database to set the value of service 
> imap-postlogin { user } or setting something like user = $user in the 
> configuration? (or is the configuration only read at startup so such 
> dynamic configuration can't be done in the service section?)

There is no good way to do this. Maybe you should replace your
post-login script with a Dovecot plugin that runs on mail_user_created
hook and then calls your script with system().
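
Added example, not part of the original message and not Dovecot code: a fail-closed wrapper for the setup described in the question, where the post-login script is started as root and has to switch to the user itself. The names parse_id and drop_privileges and the "UID GID SCRIPT" argument order are assumptions; the page does not show how the uid/gid reach the script.

```c
/* Added example (not Dovecot code): a wrapper started as root drops to the
 * given uid/gid, then execs the post-login script. Argument order is assumed. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse a decimal uid/gid; reject junk, overflow and 0 (root). */
int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v == 0 || v > 0x7fffffffUL) return -1;
    *out = v;
    return 0;
}

/* Returns 0 only when the process runs as uid/gid and cannot become root again. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return -1;          /* never "drop" to root */
    if (geteuid() == 0) {
        if (setgroups(0, NULL) != 0) return -1;   /* clear supplementary groups */
        if (setgid(gid) != 0) return -1;          /* group first, while still root */
        if (setuid(uid) != 0) return -1;          /* real, effective and saved uid */
    }
    if (setuid(0) == 0) return -1;                /* root must not be regainable */
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    unsigned long uid, gid;
    if (argc < 4 || parse_id(argv[1], &uid) != 0 || parse_id(argv[2], &gid) != 0) {
        fprintf(stderr, "usage: %s UID GID SCRIPT [ARGS...]\n", argv[0]);
        return 64;
    }
    if (drop_privileges((uid_t)uid, (gid_t)gid) != 0) {
        fprintf(stderr, "privilege drop failed, not running %s\n", argv[3]);
        return 77;
    }
    execv(argv[3], &argv[3]);                     /* only reached as the user */
    perror("execv");
    return 126;
}
```

Because the drop and its verification sit in the wrapper, the script cannot run as root if the switch is forgotten or fails; the wrapper exits instead.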


