Hello, I asked about this a few days ago, but since nobody answered in that thread, I'd like to bring it up again as a separate thread. Maybe somebody answers...
I have written a policy service for Postfix that checks whether the connecting IP address has currently an IMAP session open. For this, it needs to access the socket /var/run/dovecot/anvil. But by default, this socket is accessible only for root, and I obviously DON'T want my service to run as root:
srw------- 1 root root 0 May 22 2020 /var/run/dovecot/anvil
By modifying Dovecot configuration I was able to chnge the permissions on that socket to:
srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil
Then my service can run under the user "dovecot" and access the socket.
Here's my question: did I create any security risk by changing the socket permissions like above and running my service under "dovecot" user?
Or will it be better that I create a special user dedicated only for this service and run the service under that user?
Regards, Jaroslaw Rafa raj@rafa.eu.org
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."