23 Jun 2016
9:39 a.m.
On June 23, 2016 at 8:56 AM Michael Fox <news@mefox.org> wrote:
>> Section virtual users, with lookup has the answer.
>
> Thanks for the quick response, Aki.
>
> I presume you're referring to this:
>
> service auth {
>   unix_listener auth-userdb {
>     mode = 0600
>     user = vmail # User running dovecot-lda
>     #group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group
>   }
> }
>
> So, given that, then I'm still not clear on the following:
> - User vmail is reading the userdb, not writing to the userdb. So why mode 0600?
> - What should the owner, group and mode/permissions of the actual userdb flat file be for best security?
>
> Michael
That is a socket, not a regular file. The LDA speaks with the auth service.

As the auth *service* runs as root, it is probably best to use root:root 0400 for the actual file.
Aki Tuomi
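The two objects discussed above are easy to confuse, so here is an added audit script (not part of the thread and not Dovecot's own code) that checks each one the way the replies describe: the auth-userdb path must be a unix socket owned by the dovecot-lda user with no group/other bits (mode 0600), and the userdb flat file must be a regular file with nothing wider than root:root 0400. The socket and passwd-file paths, the sample passwd-file line and the temp-directory layout in `demo()` are constructed for the example; because an unprivileged run cannot chown to root, `demo()` checks ownership against the current user instead, while the real check defaults to root:root.

```python
"""Audit the two objects discussed in the thread: Dovecot's auth-userdb unix socket
(which dovecot-lda connects to) and the userdb flat file (which only the auth
service, running as root, needs to read). Added example, not Dovecot code."""
import grp
import os
import pwd
import shutil
import socket
import stat
import tempfile


def _name(lookup, numeric_id):
    """Resolve a uid/gid to a name, falling back to the number if it is unknown."""
    try:
        return lookup(numeric_id)
    except KeyError:
        return str(numeric_id)


def describe(path):
    """Collect the type, permission bits and ownership of a filesystem object."""
    st = os.lstat(path)
    return {
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "is_regular": stat.S_ISREG(st.st_mode),
        "mode": stat.S_IMODE(st.st_mode),
        "owner": _name(lambda u: pwd.getpwuid(u).pw_name, st.st_uid),
        "group": _name(lambda g: grp.getgrgid(g).gr_name, st.st_gid),
    }


def audit_auth_userdb_socket(path, lda_user="vmail"):
    """Findings for the auth-userdb listener. On Linux, connect() on a unix
    socket needs write permission on the socket inode, so user=vmail with
    mode=0600 means only the dovecot-lda user can talk to the auth service."""
    d = describe(path)
    findings = []
    if not d["is_socket"]:
        findings.append(f"{path}: not a unix socket (the LDA talks to a socket, not a file)")
    if d["owner"] != lda_user:
        findings.append(f"{path}: owned by {d['owner']}, expected {lda_user}")
    if d["mode"] & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {d['mode']:04o} grants group/other access; expected 0600")
    return findings


def audit_userdb_file(path, owner="root", group="root", max_mode=0o400):
    """Findings for the passwd-file. Only the root auth service reads it, so
    anything beyond root:root 0400 is wider than needed."""
    d = describe(path)
    findings = []
    if not d["is_regular"]:
        findings.append(f"{path}: not a regular file")
    if (d["owner"], d["group"]) != (owner, group):
        findings.append(f"{path}: owned by {d['owner']}:{d['group']}, expected {owner}:{group}")
    if d["mode"] & ~max_mode:
        findings.append(f"{path}: mode {d['mode']:04o} has bits beyond {max_mode:04o}")
    return findings


def demo():
    """Constructed layout in a temp dir: a real unix socket plus a good and a bad
    passwd-file. Ownership is checked against the current user because an
    unprivileged run cannot chown to root (assumption for the demo only)."""
    me = _name(lambda u: pwd.getpwuid(u).pw_name, os.getuid())
    my_group = _name(lambda g: grp.getgrgid(g).gr_name, os.getgid())
    tmp = tempfile.mkdtemp(prefix="dovecot-audit-")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock_path = os.path.join(tmp, "auth-userdb")
        srv.bind(sock_path)           # what "unix_listener auth-userdb" creates
        os.chmod(sock_path, 0o600)    # mode = 0600 from the config snippet

        entry = "alice:{SHA512-CRYPT}$6$constructed$hash::::::\n"  # constructed sample line
        good = os.path.join(tmp, "passwd-file.good")
        bad = os.path.join(tmp, "passwd-file.bad")
        for p, mode in ((good, 0o400), (bad, 0o644)):
            with open(p, "w") as fh:
                fh.write(entry)
            os.chmod(p, mode)

        return {
            "socket": audit_auth_userdb_socket(sock_path, lda_user=me),
            "good_file": audit_userdb_file(good, owner=me, group=my_group),
            "bad_file": audit_userdb_file(bad, owner=me, group=my_group),
            "file_as_socket": audit_auth_userdb_socket(good, lda_user=me),
        }
    finally:
        srv.close()
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "OK" if not findings else findings)
```

On a real server, call `audit_auth_userdb_socket()` with the listener path under Dovecot's base_dir (commonly /var/run/dovecot/auth-userdb, an assumption that depends on the installation) and `audit_userdb_file()` with the path from your passwd-file userdb args, leaving the root:root 0400 defaults in place; the mode check on the file deliberately flags any extra bit rather than requiring exactly 0400, so a 0440 file shows up as a finding too.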