Hi,
I'm running dovecot 1.2.15, on Debian squeeze. /var/mail is owned by group "mail" with permissions "g+rwxs,o=". The mail_privileged_group setting is set to "mail".
I am trying to access mail on a remote machine with mutt by tunnelling
mutt though ssh and running dovecot --exec-mail imap on the mail
server. But I frequently get errors in the mail server's logs about
not being able to create dotlock files when accessing my INBOX this
way. This makes sense -- I'm running dovecot as a regular user, so it
isn't able to write to /var/mail as group "mail".
I notice that on the dovecot wiki[1] it is suggested that sudo is used
to set uid/gid before running dovecot --exec-mail imap. But I don't
actually want to set the uid, just the gid. And I also have sudo
disabled at the moment. So I was wondering about another solution...
Would it be acceptable to setgid the dovecot executable and change it's
group to "mail" (i.e., chgrp mail dovecot and chmod g+s dovecot)?
Would this pose some kind of security risk? Would this actualy do what
I want, or am I missing a bigger picture?
Kind regards,
[1] http://wiki.dovecot.org/PreAuth
-- Tim Marston ed.am