On Wed, 2010-08-25 at 16:07 +0200, Ralph Seichter wrote:
> On 25.08.10 15:03, Timo Sirainen wrote:
>
> > The group way I mentioned would avoid problems with them, but of course not security problems related to Dovecot processes themselves.
>
> There are users with shell access to the Dovecot server, and as long as all these users require write permissions for the dict socket, I see some potential for trouble.

But you don't have to give rw access to them. You have to give rw access to Dovecot processes (this works as long as you don't use dovecot-lda). See http://wiki2.dovecot.org/Dict

> > the whole point of expire database is that a single command can quickly see what users have mails to expunge. So this needs to be a shared dictionary across users.
>
> Does it really? I use something like this for cleanup:
>
>   for user in $MAILUSERS; do
>     doveadm expunge -u $user ...
>   done

If you do that, then there's no point in using expire database at all. Even the wiki page says at the top that you don't really need it.. What the expire plugin optimizes is if you have lots of users and you call it to all users with -A parameter.

> As I loop over users anyway, I don't think that a per-user dictionary would be a bad idea. "doveadm expunge -A" might be different, but I think that even with "-A" you'll need to iterate over users.

Yeah, the doveadm_expire plugin makes the iteration skip users who don't have anything to expunge.
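
Added example, not part of the original message and not Dovecot's own tooling: a shell check an administrator could run to see who can reach the dict socket, which is the concern raised above about local shell users. The function name `dict_socket_exposure` and the path in the usage comment are assumptions; the check relies on the fact that connecting to a UNIX socket on Linux requires write permission on it.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from Dovecot).
# Classify who can connect to a dict socket, judging by its mode bits.
# Prints one of: world | group:<name> | owner | missing
# Returns 1 when any local user can connect, 2 when the path is absent.
dict_socket_exposure() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing"
        return 2
    fi

    # ls -ld prints e.g. "srw-rw---- 1 root vmail 0 ... dict"
    mode=$(ls -ld -- "$path" | awk '{print $1}')
    group=$(ls -ld -- "$path" | awk '{print $4}')

    # Character 6 is the group write bit, character 9 the "other" write bit.
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)

    if [ "$other_w" = "w" ]; then
        # Every account with shell access can talk to the dict server.
        echo "world"
        return 1
    elif [ "$group_w" = "w" ]; then
        # Only members of this group (ideally just Dovecot's mail
        # processes) can connect; review the group's membership.
        echo "group:$group"
        return 0
    else
        echo "owner"
        return 0
    fi
}

# Usage (the socket path is an assumption; adjust to your base_dir):
#   dict_socket_exposure /var/run/dovecot/dict
```

A result of `world` corresponds to the situation where all shell users have write access to the socket; `group:<name>` matches the group-based setup mentioned in the thread.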