bounces+dovecot=peter-b.org@dovecot.org] On Behalf Of Timo Sirainen
It's being called by Postfix with -d through mailbox_command. I'm digging through Postfix config now; if there's a way I can do this without making deliver setuid I'd be much happier...
I don't think Postfix allows running it as root. But since you're using mailbox_command, Postfix already looks up the user's groups from somewhere. Perhaps there's something you can do to make Postfix add access to the wanted extra group?
I suppose the long term solution for this will be to use Dovecot's LMTP server.
Postfix does do group lookup, but not group set. Regardless, I wouldn't want the user's group set to include maildir under normal circumstances.
This is where Dovecot works well for me because I can get the Dovecot process to add the specified group to the user's authentication, which means that they can only get at their mail through Dovecot and not through the file system.
Postfix doesn't have the ability to add groups to the user's context so no joy there.
LMTP will be great once it's done, I'm sure, but for now I'm stuck with whatever MTA I can get going... looks like setuid root deliver is going to be the only solution.
Peter.