27 Oct 2017, 12:32 p.m.
On Friday 27 of October 2017, Aki Tuomi wrote:
> On 27.10.2017 11:20, Arkadiusz Miśkiewicz wrote:
> > Hi.
> >
> > What's the approach for securely enabling imap hibernation in case when each user uses different uid and gid?
> >
> > Looks like none and 0666 on hibernation and imap master sockets is the only way?
> >
> > Thanks,
>
> That's the only way, yes. Hibernation keeps all connections in same process.

Couldn't dovecot do setgroups(2) to add additional common group to imap/hibernation processes and rely on that for access to sockets (sockets would be root:thatgroup 0660) thus making it a bit more secure?

Non mail related uids/gids wouldn't have access to sockets that way.

> Aki

-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
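
The access difference between the two socket setups discussed in this thread, as an added example that is not part of the original messages or of Dovecot's code: a simplified model of the Linux owner/group/other check applied when a process connects to a UNIX socket (ACLs and capabilities are ignored). All uids, gids and the common group id 900 are constructed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

/* Credentials of a process: uid, primary gid and the supplementary group
 * list (what a privileged parent would install with setgroups(2)). */
struct cred { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; };

/* Ownership and mode bits of a UNIX socket inode. */
struct sock_perm { uid_t owner; gid_t group; mode_t mode; };

static bool in_group(const struct cred *c, gid_t g)
{
    if (c->gid == g) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g) return true;
    return false;
}

/* On Linux, connecting to a UNIX socket needs write permission on it.
 * Exactly one permission class applies: the first one that matches. */
bool can_connect(const struct cred *c, const struct sock_perm *s)
{
    if (c->uid == 0) return true;                      /* root bypasses mode bits */
    if (c->uid == s->owner) return (s->mode & 0200) != 0;
    if (in_group(c, s->group)) return (s->mode & 0020) != 0;
    return (s->mode & 0002) != 0;
}

/* Constructed sample values: gid 900 stands for the hypothetical common group. */
enum { MAILGRP = 900 };
static const gid_t mail_groups[] = { MAILGRP };

/* Two mail users with distinct uid/gid, both given the common group. */
const struct cred mail_user_a = { 5001, 5001, mail_groups, 1 };
const struct cred mail_user_b = { 5002, 5002, mail_groups, 1 };
/* A local account unrelated to mail, without the common group. */
const struct cred other_user  = { 1000, 1000, NULL, 0 };

const struct sock_perm sock_0666 = { 0, 0, 0666 };        /* root:root 0666 */
const struct sock_perm sock_0660 = { 0, MAILGRP, 0660 };  /* root:thatgroup 0660 */
```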