I set up postfix/dovecot with the dovecot-LDA according to the dovecot wiki, in particular: http://wiki.dovecot.org/LDA#head-dacb9b9a1f19c3ea86bb6f8caa3d64e3ddad9ef8
For separation of privileges, I want to have one uid per virtual domain rather than have the vmail user own all directories under the mailstore.
Therefore the LDA, deliver, in order to deliver must fulfill one of the following: a) it must be started as root b) it must be setuid c) it must have write access to the user's mailstore even as an unprivileged user itself.
But a) postfix declines to this: postfix/pipe[26267]: fatal: user= command-line attribute specifies root privileges which is probably a good thing.
b) will work, but I'm really wary of making anything setuid c) could be done if the group that deliver runs as (as defined in the user= attribute in master.cf) is the same as the group of each mailstore directory and that this group has write permissions *and* the sticky bit of each mailstore directory is set so that the file created by deliver is owned by the uid of the mailstore owner not deliver's uid.
This is not exactly a question as such because I believe, subject to a little testing, that I have a working mail setup. However, I believe in doing things the right way wherever possible and I'm sure someone must have come across this before, so I'm submitting to the list inviting comment. How are most of you doing this? Are you just using a single uid for all virtual users?
-- Duncan Hutty System Administrator, ECE Carnegie Mellon University
Please use informative subject lines