My apologies, I went back and the correct is that I asked whether it is not unsafe and you did not reply anything. So I remembered it as "Yes, it safe".
Btw. question about benefits is interesting me too, because I can not see any now and I am planning to move everything under single UID.
Láďa-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Monday, January 22, 2007 8:53 PM To: Láďa Cc: 'Jochen Schulz'; 'Dovecot Mailing List' Subject: Re: [Dovecot] Postfix & Dovecot LDA
On Mon, 2007-01-22 at 18:12 +0100, Láďa wrote:
Hi, I have a setup, which is the same (currently in testing).
Main problem is that LDA has to switch its privileges to the owner of mail so it has to be run as root. Marking it suid solves the problem, than you can change it to be executable only by Postfix. Timo says that this is the safe way and I personally believe him :-)
I don't remember saying it's completely safe, but it's about the only possibility there is currently. There may be bugs that allow local attackers to get root privileges using the suid-root deliver. To make it safer, you could put the suid-root deliver into a directory that only postfix has access to. The whole Dovecot's libexec-dir could actually be made that way, as long as you're not using mail_drop_priv_before_exec=yes.