24 Jul
2008
24 Jul
'08
11:18 a.m.
Hi,
I have a little problem with defining the right permissions for dovecot.conf. The main problem is that the password for SSL certificates is stored there and the conf file is world readable by default, which makes a security problem [1]. It is not a problem to restrict the permissions to 0600, dovecot will still work, but then deliver cannot work as it reads the conf too, but it runs under arbitrary user. So my last iteration is 0640 as permission and root:mail as ownership, but that expects that deliver is run with group = mail. For the long term solution I would prefer to move the password into a separate config file so the permissions can be properly restricted there. What are your opinions?
With regards,
Dan[1] https://bugzilla.redhat.com/show_bug.cgi?id=436287
Fedora and Red Hat package maintainer