Get a list of currently active IMAP connections?

[Jaroslaw Rafa]

Dnia 20.08.2022 o godz. 19:34:03 Jaroslaw Rafa pisze:
> I have one more question regarding this.
> 
> My service needs to access the socket /var/run/dovecot/anvil. The problem is
> that this socket (at least on my system) has permissions only for root:
> 
> srw------- 1 root root 0 May 22  2020 /var/run/dovecot/anvil
> 
> And I don't think it's a good idea to run my service as root. Is it possible
> to add permission to this socket for another user? If yes, what should I
> change in Dovecot config?

Well, documentation is not very clear on this, but by trial and error I was
able to change /var/run/dovecot/anvil socket permissions to:

srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil

by putting the following lines into Dovecot configuration:

# this is needed for Postfix IMAP-before-SMTP policy service to access anvil
service anvil {
        unix_listener anvil {
                user = root
                group = dovecot
                mode = 0660
        }
}

Then my service can run under the user "dovecot" and access anvil.

So I'd like to ask - do I create any security risk by changing the anvil
socket permissions like above and running my service under "dovecot" user?

Or is it better that I create a special user dedicated only for this service
and run the service under that user?
-- 
Regards,
   Jaroslaw Rafa
   raj at rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."