On Mon, 2010-07-12 at 00:09 +0300, Buzai Andras wrote:
dovecot unix - n n - - pipe flags=DRhu user=*mysudoeruser* argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
When you say that: "Basically the user that calls deliver via sudo has the ability to gain root privileges (e.g. by telling deliver to load a plugin that execs a shell).",
do you refer to the postfix user or to the user specified in the master.cf file (mysudoeruser in my case)?
mysudoeruser (that's who you gave sudo access, right?)
In my configuration the user "mysudoeruser" is a dedicated user only for this action and it is not allowed to login, etc ...
So basically for somebody to gain root access it should compromise the "mysudoeruser" dedicated user, right?
Yeah.
Would you use this setup in a production environment? :)
I guess it's not too bad. But I'd switch to LMTP once you've upgraded to Dovecot v2.0.
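As an added illustration that is not part of this thread, here is the sudo/pipe transport from the question beside the LMTP transport the reply recommends for Dovecot v2.0. The file paths, the socket location and the enabled protocol list are assumptions matching a typical Postfix + Dovecot layout, not values from the thread.

```conf
# --- Before (the setup discussed in the thread): Postfix runs Dovecot's
# deliver through sudo for every message. Whoever controls the account in
# user= can reach root through anything deliver can be told to do.
# (assumed path) /etc/postfix/master.cf
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mysudoeruser argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

# --- After: Postfix speaks LMTP to a Dovecot service over a UNIX socket.
# No sudo and no pipe transport; Dovecot's own service handles privilege
# separation, so the mail path carries no root-capable sudo rule.
# (assumed path) /etc/postfix/main.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
# for local(8) accounts instead of virtual ones:
# mailbox_transport = lmtp:unix:private/dovecot-lmtp

# (assumed path) /etc/dovecot/conf.d/20-lmtp.conf   (Dovecot v2.0+)
# adjust the protocol list to whatever is already enabled on the host
protocols = imap pop3 lmtp
service lmtp {
  # socket lives under Postfix's queue directory so the chrooted
  # lmtp(8) client can reach it; only the postfix user may open it
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode  = 0600
    user  = postfix
    group = postfix
  }
}
```

After the change, the sudoers entry for mysudoeruser (and the account itself) can be removed, which is the actual risk reduction.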