secure setup for imap hibernation
Arkadiusz Miśkiewicz
arekm at maven.pl
Fri Oct 27 12:32:27 EEST 2017
On Friday 27 of October 2017, Aki Tuomi wrote:
> On 27.10.2017 11:20, Arkadiusz Miśkiewicz wrote:
> > Hi.
> >
> > What's the approach for securely enabling imap hibernation in case when
> > each user uses different uid and gid?
> >
> > Looks like none and 0666 on hibernation and imap master sockets is the
> > only way?
> >
> > Thanks,
>
> That's the only way, yes. Hibernation keeps all connections in same
> process.
Couldn't dovecot do setgroups(2) to add additional common group to
imap/hibernation processes and rely on that for access to sockets (sockets
would be root:thatgroup 0660) thus making it a bit more secure?
Non mail related uids/gids wouldn't have access to sockets that way.
> Aki
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
More information about the dovecot
mailing list