newbie userdb lookup problem

aki.tuomi at dovecot.fi
Thu Jun 23 06:39:33 UTC 2016


> On June 23, 2016 at 8:56 AM Michael Fox <news at mefox.org> wrote:
> 
> 
> > http://wiki.dovecot.org/LDA
> > 
> > Section virtual users, with lookup has the answer.
> 
> Thanks for the quick response Aki.
> 
> I presume you're referring to this:
> 
> service auth {
>   unix_listener auth-userdb {
>     mode = 0600
>     user = vmail # User running dovecot-lda
>     #group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group
>   }
> }
> 
> So, given that, then I'm still not clear on the following:
> 1)  User vmail is reading the userdb, not writing to the userdb.  So why mode 0600?
> 2)  What should the owner, group and mode/permissions of the actual userdb flat file be for best security?
> 
> Michael

1) That is a socket, not a regular file. The LDA speaks with the auth service.

2) As the auth *service* runs as root, it is probably best to use root:root 0400 for the actual file.

---
Aki Tuomi
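As an added example (not from this thread and not Dovecot's own code), a POSIX shell audit that checks the two objects Aki's answer distinguishes: the auth-userdb unix socket (mode 0600, owned by the user running dovecot-lda) and the userdb flat file (root:root 0400, since only the root-run auth service reads it). The paths /var/run/dovecot/auth-userdb and /etc/dovecot/users, the user name vmail and the sample userdb entry are assumptions for illustration; the demo at the bottom runs unprivileged, so it substitutes the current user for root as the expected file owner.

```shell
#!/bin/sh
# Added example, not part of the thread or of Dovecot: audit the auth-userdb
# socket and the flat userdb file against the permissions recommended above.
# Assumed paths and user name (illustration only):
#   /var/run/dovecot/auth-userdb  socket, 0600, owned by the LDA user (vmail)
#   /etc/dovecot/users            flat file, 0400, owned by root

# mode_and_owner FILE -> prints "<octal mode> <owner>"; GNU stat first, BSD stat as fallback
mode_and_owner() {
  stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1"
}

# check_perms FILE WANT_MODE WANT_OWNER [socket]
# exit status: 0 ok, 1 missing, 2 wrong mode, 3 wrong owner, 4 not a socket
check_perms() {
  f=$1 want_mode=$2 want_owner=$3 want_type=${4:-any}
  [ -e "$f" ] || return 1
  if [ "$want_type" = socket ] && [ ! -S "$f" ]; then return 4; fi
  set -- $(mode_and_owner "$f")
  [ "$1" = "$want_mode" ] || return 2
  [ "$2" = "$want_owner" ] || return 3
  return 0
}

# explain CODE -> human-readable reason for a check_perms status
explain() {
  case $1 in
    0) echo ok ;;
    1) echo "does not exist" ;;
    2) echo "wrong mode" ;;
    3) echo "wrong owner" ;;
    4) echo "not a unix socket" ;;
    *) echo "unknown status $1" ;;
  esac
}

# audit_dovecot_auth [SOCKET] [LDA_USER] [USERDB_FILE] [USERDB_OWNER]
# returns 0 when both objects match the recommendation, 1 otherwise
audit_dovecot_auth() {
  sock=${1:-/var/run/dovecot/auth-userdb}
  lda_user=${2:-vmail}
  userdb=${3:-/etc/dovecot/users}
  userdb_owner=${4:-root}
  status=0

  # The listener is a socket: 0600 limits who may *connect* to the auth
  # service, and the LDA user owns it so only that user gets answers.
  rc=0; check_perms "$sock" 600 "$lda_user" socket || rc=$?
  [ "$rc" = 0 ] || { echo "$sock: $(explain "$rc")"; status=1; }

  # The flat file is read only by the root-run auth process: root:root 0400.
  rc=0; check_perms "$userdb" 400 "$userdb_owner" || rc=$?
  [ "$rc" = 0 ] || { echo "$userdb: $(explain "$rc")"; status=1; }
  return $status
}

# Demo on constructed files. It runs unprivileged, so the expected owner is
# the current user instead of root, and no socket exists because no Dovecot
# auth service is running here; the socket check therefore keeps failing.
demo() {
  tmp=$(mktemp -d) || return 1
  me=$(id -un)
  # constructed sample passwd-file entry (user:password:uid:gid:gecos:home)
  printf '%s\n' 'alice:{PLAIN}example-password:5000:5000::/var/vmail/alice' > "$tmp/users"
  chmod 644 "$tmp/users"
  echo "--- userdb at 0644 (too open):"
  audit_dovecot_auth "$tmp/auth-userdb" "$me" "$tmp/users" "$me" || true
  chmod 400 "$tmp/users"
  echo "--- userdb at 0400 (only the socket complaint should remain):"
  audit_dovecot_auth "$tmp/auth-userdb" "$me" "$tmp/users" "$me" || true
  rm -rf "$tmp"
}
demo
```

On a live server, run audit_dovecot_auth with no arguments (or with the real socket path from `doveconf service/auth`); a non-zero status means at least one of the two objects deviates from the recommended ownership or mode.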

