Greetings,
I am configuring a new Dovecot installation, and the way the valid_chroot_dirs and mail_chroot variables affect the mail processes is a bit unclear to me. I was wondering if anyone could provide me with more specific details than the comments in the configuration file do, or maybe even recommend some values given my configuration.
We have a Debian GNU/Linux system and a mix of users with shell accounts and users with disabled logins. Both these groups should be handled the same way by Dovecot: auth_userdb is passwd and auth_passdb is pam. The dovecot PAM service will use pam_mysql.so, if that matters.
Mail is in mbox format (we have too many sticklers who are set in their ways, unfortunately); I'm thinking default_mail_env should be mbox:~/Mail/:INBOX=/var/mail/%u.
So, if I understand correctly, (a) I should set chroots on the mail processes, since some of our users don't have real shell accounts, and (b) those processes will need access to /var/mail and home directories under /home.
So my best guess is that I should set the chroot variables like this:
    valid_chroot_dirs = /var/mail:/home
    mail_chroot = /var/mail
I'm not sure about this though, for a number of reasons.
Do I need to even chroot at all, or do I misunderstand the comments?
If I do need to chroot, the comments about valid_chroot_dirs warn very strongly that the chroot dirs should not be writeable by users. /home itself isn't writeable by users, but obviously their home directories are. Is listing /home also vulnerable to exploits? If it is, what would a good solution be?
What's the meaning of /./ in mail_chroot? The comments about it, unfortunately, make no sense at all to me. It says that /home/./user is the same as /home, but if that's completely true, why wouldn't I just say mail_chroot = /home? I even looked into the source and it still wasn't really clear to me.
Thanks in advance for any help you can offer,
--
Brett Smith