Is this safe?

Jaroslaw Rafa raj at
Thu Aug 25 13:37:28 UTC 2022

I asked about this a few days ago, but since nobody answered in that thread,
I'd like to bring it up again as a separate thread. Maybe somebody

I have written a policy service for Postfix that checks whether the
connecting IP address has currently an IMAP session open. For this, it needs
to access the socket /var/run/dovecot/anvil. But by default, this socket is
accessible only for root, and I obviously DON'T want my service to run as

srw------- 1 root root 0 May 22  2020 /var/run/dovecot/anvil

By modifying Dovecot configuration I was able to chnge the permissions on
that socket to:

srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil

Then my service can run under the user "dovecot" and access the socket.

Here's my question: did I create any security risk by changing the socket
permissions like above and running my service under "dovecot" user?

Or will it be better that I create a special user dedicated only for this
service and run the service under that user?
   Jaroslaw Rafa
   raj at
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

More information about the dovecot mailing list