[Dovecot] Post-login scripting with mail_drop_priv_before_exec in dovecot2

Timo Sirainen tss at iki.fi
Mon May 9 20:02:55 EEST 2011


On Mon, 2011-05-09 at 19:45 +0300, Timo Sirainen wrote:
> On Mon, 2011-05-09 at 16:19 +0300, Mark Zealey wrote:
> 
> > I'm in the process of upgrading from dovecot v1.1 to dovecot 2. We fetch 
> > uid/gid user information from a database and also use post-login 
> > scripting with mail_drop_priv_before_exec = yes which means the 
> > postlogin script is executed with the permissions of the user we have 
> > found in the database.
> > 
> > According to the dovecot2 wiki page, to get this behaviour in version 2 
> > we have to set the post-login script to run as root and then su to the 
> > user. This seems a bit of a strange (and insecure as you might forget) 
> > way of doing this. Are there any other options, such as fetching a 
> > certain column name from the database to set the value of service 
> > imap-postlogin { user } or setting something like user = $user in the 
> > configuration? (or is the configuration only read at startup so such 
> > dynamic configuration can't be done in the service section?)
> 
> There is no good way to do this. Maybe you should replace your
> post-login script with a Dovecot plugin that runs on mail_user_created
> hook and then calls your script with system().

Oh, actually I think you can simply give -d parameter to script-login..




More information about the dovecot mailing list