Any thoughts on this:
The primary use for "dovecot" user has been for login processes. But people keep misunderstanding this and try to use dovecot for accessing mails. For years I've been wondering about renaming this user to something else like dovelogin, but it never really seemed practical.
So now with v2.0 there are a bunch of new processes, and for example anvil and dict are now run as dovecot user by default. But it's not really good that login processes can just go and kill those processes. And even worse, if drop_priv_before_exec=yes they could ptrace these processes.
So I think we need two Dovecot users for v2.0:
- Completely untrusted user for login processes.
- Slightly more trusted internal Dovecot user.
So "dovecot" could be reused for 2. And it would no longer be a mortal sin to use dovecot user for owning mail files. For 1. there would be a new user. I'd use "dovelogin", but apparently tools still don't much like usernames that are longer than 8 characters. Like ps could show numeric uid instead of 9 character long username. So .. any suggestions? "dovlogin" could be one possibility I guess. It would be nice if the name somehow reminded of login processes, but maybe something else could be used too, like: dovenil, dovenull, dovezero, dovenone, dovevoid, doveint, dovedown, dovein, dove0