[Dovecot] Post-login scripting with mail_drop_priv_before_exec in dovecot2
Timo Sirainen
tss at iki.fi
Mon May 9 20:02:55 EEST 2011
On Mon, 2011-05-09 at 19:45 +0300, Timo Sirainen wrote:
> On Mon, 2011-05-09 at 16:19 +0300, Mark Zealey wrote:
>
> > I'm in the process of upgrading from dovecot v1.1 to dovecot 2. We fetch
> > uid/gid user information from a database and also use post-login
> > scripting with mail_drop_priv_before_exec = yes which means the
> > postlogin script is executed with the permissions of the user we have
> > found in the database.
> >
> > According to the dovecot2 wiki page, to get this behaviour in version 2
> > we have to set the post-login script to run as root and then su to the
> > user. This seems a bit of a strange (and insecure as you might forget)
> > way of doing this. Are there any other options, such as fetching a
> > certain column name from the database to set the value of service
> > imap-postlogin { user } or setting something like user = $user in the
> > configuration? (or is the configuration only read at startup so such
> > dynamic configuration can't be done in the service section?)
>
> There is no good way to do this. Maybe you should replace your
> post-login script with a Dovecot plugin that runs on mail_user_created
> hook and then calls your script with system().

Oh, actually I think you can simply give the -d parameter to script-login..
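
An added example, not part of the original thread or Dovecot's own code: a post-login script that refuses to continue while it is still running as root, so a forgotten -d on script-login fails closed instead of silently running the script with root rights. The script path in the comment and the function names are assumptions.

```shell
#!/bin/sh
# Post-login guard (added example). Assumed wiring in dovecot.conf, using the
# -d option suggested in the thread (the script path is hypothetical):
#
#   service imap-postlogin {
#     executable = script-login -d /usr/local/bin/postlogin.sh
#   }

# privs_dropped EUID EGID
# Returns 0 only when both ids are numeric and neither is 0 (root).
privs_dropped() {
    case "$1:$2" in
        *[!0-9:]*|:*|*:) return 1 ;;   # empty or non-numeric: treat as not dropped
    esac
    [ "$1" -ne 0 ] && [ "$2" -ne 0 ]
}

postlogin_main() {
    if ! privs_dropped "$(id -u)" "$(id -g)"; then
        # stderr ends up in the Dovecot log; the login is aborted.
        echo "postlogin: still running as root, refusing to continue" >&2
        exit 1
    fi

    # Per-user post-login work goes here; it now runs with the
    # uid/gid that script-login -d switched to.

    # Hand control to the mail process that script-login passed as arguments.
    exec "$@"
}

# Only act when invoked with the command to exec, as script-login does.
if [ "$#" -gt 0 ]; then
    postlogin_main "$@"
fi
```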