Yes, I have read them. I understood there was a problem with authdb=0777, even tough the written instructions in config file actually recommends settings 0777 if you want free userdb lookups:
" # To give the caller full permissions to lookup all users, set the mode to # something else than 0666 and Dovecot lets the kernel enforce the # permissions (e.g. 0777 allows everyone full permissions). "
But I did remove authdb=0777 and put it back to 0666. Since the setuid works.
I did setuid dovecot-lda to root, and then remove execute permissions from everyone. According to the instructions on this page:
https://doc.dovecot.org/main/howto/lda.html#multiple-uids
Then I set apache2 to run as group dovecot. It isn't really a big security problem anymore.
Apache2 can access all dovecot resources, nothing more.
-----Ursprungligt meddelande----- Från: Benny Pedersen via dovecot <dovecot@dovecot.org> Skickat: den 31 oktober 2024 20:43 Till: dovecot@dovecot.org Ämne: Re: Sv: Sv: dovecot-lda from www-data - doesnt work
Sebastian Nielsen via dovecot skrev den 2024-10-31 19:55:
Now it FINALLY works!
read other mails on maillist, if you belive its good, then you dont know security at all _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org