On Tue, 20 Sep 2011 02:50:32 +0300, Timo Sirainen wrote:
On 20.9.2011, at 2.22, Linda Walsh wrote:
I can log in via SSH, so why not allow it with secure IMAP? I suppose really, if someone wants to run as root with no password dovecot should be **configurable** to allow this -- as we can't always understand the needs of end users.
Because there's no good reason to read mails as root. If you can give me a good reason I might reconsider, but I highly doubt that's going to happen.
Anyway it's mainly about making sure that in the case of some internal security hole (or misconfiguration) in Dovecot at least that security hole couldn't be leveraged to gain root privileges that would allow reading everyone's mails.
Example. You have a system on which root uid=0 means nothing (assigns no privs -- all assigned via privilege/capability bits).
This means dovecot is hardcoded to lock out a user that may have no privileges, but has no prob permitting access to those with full Capability/priv sets.
Rare, and in such cases irrelevant.