On 20.08.2022 at 19:34:03, Jaroslaw Rafa wrote:
I have one more question regarding this.
My service needs to access the socket /var/run/dovecot/anvil. The problem is that this socket (at least on my system) has permissions only for root:
srw------- 1 root root 0 May 22 2020 /var/run/dovecot/anvil
And I don't think it's a good idea to run my service as root. Is it possible to add permission to this socket for another user? If yes, what should I change in Dovecot config?
Well, documentation is not very clear on this, but by trial and error I was able to change /var/run/dovecot/anvil socket permissions to:
srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil
by putting the following lines into Dovecot configuration:
# this is needed for Postfix IMAP-before-SMTP policy service to access anvil
service anvil {
  unix_listener anvil {
    user = root
    group = dovecot
    mode = 0660
  }
}
Then my service can run under the user "dovecot" and access anvil.
So I'd like to ask - do I create any security risk by changing the anvil socket permissions like above and running my service under "dovecot" user?
Or is it better that I create a special user dedicated only for this service and run the service under that user?
Regards, Jaroslaw Rafa raj@rafa.eu.org
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
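
A check that can be run after a permission change like the one in the message above, as an added example (not part of the original message and not Dovecot code): it reports which permission classes and which local accounts can connect to the socket, relying on the Linux rule that connecting to a pathname socket requires write permission on it. The function names are illustrative; the path in the main block is the one quoted in the message.

```python
import grp
import os
import pwd
import stat


def connect_classes(mode):
    """Permission classes allowed to connect; on Linux, connect() to a
    pathname socket needs write permission on the socket file."""
    bits = {"owner": stat.S_IWUSR, "group": stat.S_IWGRP, "other": stat.S_IWOTH}
    return {name for name, bit in bits.items() if mode & bit}


def accounts_with_gid(gid):
    """Accounts that carry this gid as primary or supplementary group."""
    names = {p.pw_name for p in pwd.getpwall() if p.pw_gid == gid}
    try:
        names.update(grp.getgrgid(gid).gr_mem)
    except KeyError:
        pass  # gid has no entry in the group database
    return names


def audit_socket(path, expected_mode=0o660):
    """Return report lines describing who can reach a listener socket."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a socket"]
    mode = stat.S_IMODE(st.st_mode)
    report = []
    if mode != expected_mode:
        report.append(f"{path}: mode {mode:04o}, expected {expected_mode:04o}")
    classes = connect_classes(mode)
    if "other" in classes:
        report.append(f"{path}: any local user can connect")
    if "group" in classes:
        members = sorted(accounts_with_gid(st.st_gid)) or ["(no named accounts)"]
        report.append(f"{path}: gid {st.st_gid} can connect: {', '.join(members)}")
    return report


if __name__ == "__main__":
    # Path taken from the message above; run as a user allowed to stat it.
    for line in audit_socket("/var/run/dovecot/anvil"):
        print(line)
```

The group line lists every account that holds the socket's group, which makes visible how many processes besides the policy service gain access when an existing shared group is used.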