On Wed, 2010-08-25 at 13:00 +0200, Ralph Seichter wrote:
> On 25.08.10 01:52, Timo Sirainen wrote:
>> Mail processes connect to dict socket, so all mail users executing mail processes need to have access to it.
>
> Just as I thought when I configured "mode = 0666". I am uneasy about userA being potentially able to modify dict entries of userB.

Do you have system users? The group way I mentioned would avoid problems with them, but of course not security problems related to Dovecot processes themselves.

> One can already define per-user sieve scripts in Dovecot 2.0, and I wonder if you have considered per-user dictionaries?

Well, the whole point of expire database is that a single command can quickly see what users have mails to expunge. So this needs to be a shared dictionary across users.

Of course, having some kind of user authentication would be nice across Dovecot processes.. But I'm not sure if there's a way to make that work.
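
A check for the exposure discussed in this thread, as an added example that is not part of the original messages or Dovecot's own code: it classifies who can write to (and therefore connect to) a dict socket from its mode bits. The function name, the socket path argument and the `vmail` group in the comment are assumptions.

```shell
#!/bin/sh
# Added example: classify the exposure of a Dovecot dict socket by its mode.
# On Linux, connecting to a unix socket requires write permission on the
# socket file, so the write bits decide which local users can reach the
# dict server. Search permission on the parent directories gates access
# too; this check looks only at the socket itself.
#
# The group-restricted alternative to "mode = 0666" in Dovecot 2.0 syntax
# (the group name vmail is an assumption):
#   service dict {
#     unix_listener dict {
#       mode = 0660
#       group = vmail
#     }
#   }

# Prints one of: missing | world-writable | group-only | owner-only
# Exit status: 2 = missing, 1 = world-writable, 0 = otherwise.
dict_socket_exposure() {
    sock=$1
    if [ ! -e "$sock" ]; then
        echo missing
        return 2
    fi
    # find -perm -MODE matches when all bits in MODE are set; -prune keeps
    # find from descending if the argument happens to be a directory.
    if [ -n "$(find "$sock" -prune -perm -0002)" ]; then
        echo world-writable
        return 1
    fi
    if [ -n "$(find "$sock" -prune -perm -0020)" ]; then
        echo group-only
        return 0
    fi
    echo owner-only
    return 0
}

# Stand-alone use: pass the socket path as the first argument.
[ $# -eq 0 ] || dict_socket_exposure "$1"
```

A socket reported as `world-writable` matches the `mode = 0666` setup above, where any local account can talk to the shared dictionary.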