Is this safe?

Jaroslaw Rafa raj at rafa.eu.org
Thu Aug 25 13:37:28 UTC 2022


Hello,
I asked about this a few days ago, but since nobody answered in that thread,
I'd like to bring it up again as a separate thread. Maybe somebody
answers...

I have written a policy service for Postfix that checks whether the
connecting IP address has currently an IMAP session open. For this, it needs
to access the socket /var/run/dovecot/anvil. But by default, this socket is
accessible only for root, and I obviously DON'T want my service to run as
root:

srw------- 1 root root 0 May 22  2020 /var/run/dovecot/anvil

By modifying Dovecot configuration I was able to chnge the permissions on
that socket to:

srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil

Then my service can run under the user "dovecot" and access the socket.

Here's my question: did I create any security risk by changing the socket
permissions like above and running my service under "dovecot" user?

Or will it be better that I create a special user dedicated only for this
service and run the service under that user?
-- 
Regards,
   Jaroslaw Rafa
   raj at rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


More information about the dovecot mailing list