Is this safe?
Jaroslaw Rafa
raj at rafa.eu.org
Thu Aug 25 13:37:28 UTC 2022
Hello,
I asked about this a few days ago, but since nobody answered in that thread,
I'd like to bring it up again as a separate thread. Maybe somebody
answers...
I have written a policy service for Postfix that checks whether the
connecting IP address has currently an IMAP session open. For this, it needs
to access the socket /var/run/dovecot/anvil. But by default, this socket is
accessible only for root, and I obviously DON'T want my service to run as
root:
srw------- 1 root root 0 May 22 2020 /var/run/dovecot/anvil
By modifying Dovecot configuration I was able to chnge the permissions on
that socket to:
srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil
Then my service can run under the user "dovecot" and access the socket.
Here's my question: did I create any security risk by changing the socket
permissions like above and running my service under "dovecot" user?
Or will it be better that I create a special user dedicated only for this
service and run the service under that user?
--
Regards,
Jaroslaw Rafa
raj at rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
More information about the dovecot
mailing list