On 6.8.2019 4.20, Tom Diehl via dovecot wrote:
On Thu, 1 Aug 2019, Timo Sirainen via dovecot wrote:
On 31 Jul 2019, at 20.45, A. Schulze via dovecot dovecot@dovecot.org wrote:
Am 31.07.19 um 08:27 schrieb Sami Ketola via dovecot:
service lmtp {
  user = vmail
}
please remove user = vmail from here or change it to root.
For security reasons the lmtp service must be started as root since version 2.2.36. lmtp will drop root privileges after initialization, but it needs to open /proc/self/io as root before that.
Hello Sami,
I don't read "root is required for lmtp" in https://wiki.dovecot.org/LMTP#Security, nor does https://dovecot.org/doc/NEWS-2.2 say so. Could you prove that statement somehow?
Alternative is:
service lmtp {
  user = vmail
  drop_priv_before_exec = yes
}
I'm not sure if you run into other problems with that.
OK, so now I am confused. At https://wiki.dovecot.org/LMTP#Security it says "If you're using only a single global UID/GID, you can improve security by running lmtp processes as that user"
So, if I am using a single UID/GID, then is the above wiki article correct or do I need to change my config?
Regards,
This file is used for stats gathering, so if you are not using stats, it's not a huge problem. You can probably also use
import_environment = PR_SET_DUMPABLE=1
to get rid of the warning. Although this makes your process less secure as it can be ptrace'd.
Aki
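Added example, not from the thread or from Dovecot itself: a small checker for the three settings discussed above (service user, drop_priv_before_exec, and import_environment with PR_SET_DUMPABLE=1). The sample configs are constructed, and the parser handles only flat `service X { ... }` blocks; treating an unset user as root is an assumption.

```python
import re

# Constructed sample configs in Dovecot's own syntax; not taken from the thread.
WEAK_CONF = """
service lmtp {
  user = vmail
}
"""
FIXED_CONF = """
service lmtp {
  user = vmail
  drop_priv_before_exec = yes
}
"""
DUMPABLE_CONF = """
import_environment = PR_SET_DUMPABLE=1
service lmtp {
}
"""

def parse_conf(text):
    """Return (global_settings, {service: settings}) for a flat Dovecot-style config.
    Only one level of `service X { ... }` nesting is handled (assumption)."""
    globals_, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"^service\s+(\S+)\s*\{$", line)
        if m:
            current = m.group(1)
            services.setdefault(current, {})
        elif line == "}":
            current = None
        elif "=" in line:
            key, _, value = line.partition("=")  # first '=' only: keeps PR_SET_DUMPABLE=1 intact
            target = services[current] if current else globals_
            target[key.strip()] = value.strip()
    return globals_, services

def check_lmtp(text):
    """List the lmtp privilege findings discussed in the thread."""
    findings = []
    globals_, services = parse_conf(text)
    lmtp = services.get("lmtp", {})
    user = lmtp.get("user", "root")  # assumption: an unset user means root
    if user != "root" and lmtp.get("drop_priv_before_exec", "no") != "yes":
        findings.append(f"lmtp runs as {user} without drop_priv_before_exec=yes; "
                        "since 2.2.36 /proc/self/io must be opened as root first")
    if "PR_SET_DUMPABLE=1" in globals_.get("import_environment", ""):
        findings.append("import_environment sets PR_SET_DUMPABLE=1: lmtp stays ptrace-able")
    return findings
```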