[Dovecot] How to achieve proper privilege separation?

Timo Sirainen tss at iki.fi
Thu Feb 23 10:15:12 EET 2012

On Thu, 2012-02-23 at 09:03 +0100, "Tóth Attila" wrote:
> Unfortunately, I can see that in my case /usr/libexec/dovecot/imap
> accesses both the inbox and the mail directories of the user as root.
> Moreover, it creates the lock file as root. I can see no process running
> as the user.
> How could I teach dovecot to start the imap process as the user? What
> configuration options should I blame?

Well, that's strange. There shouldn't be any way for you to make imap
access mails as root, even if you wanted to do that. If you log in as
root, it'll fail with:

Error: user root: Invalid settings in userdb: userdb returned 0 as uid
Fatal: Invalid user settings. Refer to server log for more information.

If there's a bug and it just somehow manages to get through that check,
it fails with:

Fatal: We couldn't drop root privileges

So.. I'm not really sure what could be wrong. It makes me think maybe
Gentoo's hardening features somehow mess this up, but I can't really
think of how that could either.

Set auth_debug=yes and mail_debug=yes. What does it log when logging in?
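
One way to check the observation from the quoted question on a Linux host, added here as an example that is not part of the original message and is not Dovecot's own code: it reads /proc/<pid>/status for processes named imap and reports any that still hold uid 0 in the real, effective, saved or filesystem slot. The function names, the default process name filter and the sample status text are assumptions constructed for illustration.

```python
import os

SLOTS = ("real", "effective", "saved", "fs")  # order of the Uid: line

# Constructed sample of /proc/<pid>/status (not taken from the thread):
# the effective uid is 1000, but the saved set-user-ID is still 0.
SAMPLE_SAVED_ROOT = (
    "Name:\timap\nPid:\t4244\n"
    "Uid:\t1000\t1000\t0\t1000\nGid:\t1000\t1000\t1000\t1000\n"
)


def parse_ids(status_text):
    """Return (name, uids, gids) from the text of a /proc/<pid>/status file."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.split()
    name = " ".join(fields.get("Name", ["?"]))
    uids = tuple(int(x) for x in fields.get("Uid", []))
    gids = tuple(int(x) for x in fields.get("Gid", []))
    return name, uids, gids


def root_findings(proc_root="/proc", names=("imap",)):
    """List (pid, name, slots) for matching processes holding uid 0 anywhere."""
    findings = []
    pids = sorted(int(e) for e in os.listdir(proc_root) if e.isdigit())
    for pid in pids:
        try:
            with open(os.path.join(proc_root, str(pid), "status")) as fh:
                name, uids, _gids = parse_ids(fh.read())
        except (OSError, ValueError):
            continue  # process exited, or status missing/unreadable/malformed
        slots = [label for label, uid in zip(SLOTS, uids) if uid == 0]
        if name in names and slots:
            findings.append((pid, name, slots))
    return findings


if __name__ == "__main__":
    print(parse_ids(SAMPLE_SAVED_ROOT))
    if os.path.isdir("/proc"):  # Linux only
        for pid, name, slots in root_findings():
            print(f"pid {pid} ({name}) holds uid 0 in: {', '.join(slots)}")
```

An empty result while a user is logged in over IMAP means no imap process holds uid 0 in any slot; a process listed with only "saved" could still switch back to root.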
