On Thu, 2012-02-23 at 09:03 +0100, "Tóth Attila" wrote:
> Unfortunately I can see that in my case /usr/libexec/dovecot/imap accesses both the inbox and the mail directories of the user as root. Moreover, it creates the lock file as root. I can see no process running as the user.
> How could I teach dovecot to start the imap process as the user? What configuration options should I blame?
Well, that's strange. There shouldn't be any way for you to make imap access mails as root, even if you wanted to do that. If you log in as root, it'll fail with:
Error: user root: Invalid settings in userdb: userdb returned 0 as uid
Fatal: Invalid user settings. Refer to server log for more information.
If there's a bug and it just somehow manages to get through that check, it fails with:
Fatal: We couldn't drop root privileges
So.. I'm not really sure what could be wrong. It makes me think maybe Gentoo's hardening features somehow mess this up, but I can't really think of how that could either.
Set auth_debug=yes and mail_debug=yes. What does it log when logging in?
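
A check for the symptom reported in this thread, as an added example that is not part of the original messages or of Dovecot: it lists every process named `imap` with its real, effective, saved and filesystem UIDs and flags any that still hold uid 0. It assumes Linux `/proc`; the function name `imap_uid_report` is hypothetical.

```shell
#!/bin/sh
# Added example: report the UIDs held by running "imap" processes.
# Reads /proc/<pid>/status (Linux). The proc root is a parameter so the
# function can also be pointed at a constructed directory tree.

imap_uid_report() {
    proc_root=${1:-/proc}
    flagged=0
    for status in "$proc_root"/[0-9]*/status; do
        # Skip the unexpanded glob and processes that exited meanwhile.
        [ -r "$status" ] || continue

        # "Name:" carries the short command name of the process.
        name=$(awk '$1 == "Name:" { print $2; exit }' "$status" 2>/dev/null)
        [ "$name" = "imap" ] || continue

        # "Uid:" lists real, effective, saved-set and filesystem UIDs.
        uids=$(awk '$1 == "Uid:" { print $2, $3, $4, $5; exit }' "$status" 2>/dev/null)

        pid=${status%/status}
        pid=${pid##*/}

        # Any remaining uid 0 means privileges were not fully dropped.
        verdict=ok
        for u in $uids; do
            if [ "$u" = "0" ]; then
                verdict=ROOT
                flagged=1
            fi
        done
        echo "$verdict pid=$pid uids(real eff saved fs)=$uids"
    done
    # Exit status 1 when at least one imap process holds uid 0.
    return "$flagged"
}

# Usage on a live system: imap_uid_report /proc
```

Run it while a client is logged in over IMAP; the exit status is 1 if any `imap` process still holds uid 0.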