On Sun, 2010-03-14 at 20:41 +0100, Thomas Leuxner wrote:
Hi,
with 'changeset 10910' the Auth master process is running as 'default_internal_user' now (dovecot). This requires permissions tuning for 'passwd-files' at least, while other plugins would run in a different user context, 'vmail' in my setup. I see that this may be safer, just wondering how to streamline the config:
[20:27] root spectre:/var/vmail/conf.d# l
drwxr-x--- 4 dovecot vmail 4096 2010-03-14 17:40 leuxner.net
..
drwx------ 2 vmail vmail 4096 2010-03-14 13:09 acls
Why does vmail own any of these files? Dovecot accesses them only via dovecot-auth. Do you have something else that needs to read/write them as vmail?
I think the best solutions are (in order):
1. Create a new doveauth user that has read (but no write) access to the files. Use doveauth for auth process.
2. Use root user for files and auth process.
3. Use dovecot user for files and auth process.
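
An added example, not part of the original message: a small audit of whether a passwd-file's owner, group and mode give the auth process user read but no write access, as the first option above asks. The uid/gid numbers, the sample entries and the wording of the findings are constructed assumptions.

```python
import stat

def access_for(mode, f_uid, f_gid, uid, gids):
    """(can_read, can_write) for a user under POSIX mode bits.
    Only the first matching class (owner, group, other) is consulted."""
    if uid == 0:                      # root bypasses file mode checks
        return True, True
    if uid == f_uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif f_gid in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return bool(mode & r), bool(mode & w)

def audit_passwd_file(mode, f_uid, f_gid, auth_uid, auth_gids):
    """Findings that break 'auth user has read but no write access'."""
    findings = []
    can_read, can_write = access_for(mode, f_uid, f_gid, auth_uid, auth_gids)
    if not can_read:
        findings.append("auth user cannot read")
    if can_write:
        findings.append("auth user can write")
    if auth_uid != 0 and f_uid == auth_uid:
        findings.append("auth user owns the file and can chmod it")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("readable or writable by every local user")
    return findings

# Constructed uid/gid numbers and file entries (assumptions, not from the thread).
ROOT, DOVECOT, DOVEAUTH, VMAIL = 0, 101, 102, 5000
SAMPLES = {
    "root:doveauth 0640": (0o640, ROOT, DOVEAUTH),
    "dovecot:vmail 0640": (0o640, DOVECOT, VMAIL),
    "doveauth:doveauth 0600": (0o600, DOVEAUTH, DOVEAUTH),
    "root:root 0644": (0o644, ROOT, ROOT),
}

def report(auth_uid, auth_gids):
    """Audit every sample entry for the given auth process user."""
    return {name: audit_passwd_file(m, u, g, auth_uid, auth_gids)
            for name, (m, u, g) in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in report(DOVEAUTH, {DOVEAUTH}).items():
        print(f"{name:24} {'OK' if not findings else '; '.join(findings)}")
```

Only the root-owned file with group read for doveauth comes back clean; a file owned by the auth user itself is flagged because the owner can always chmod it writable.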