Chris L. Franklin wrote:
Honestly, why do you want it to be root? It's NOT a good idea, even though Dovecot has so far shown to be very secure.
I disagree, strongly
To which statement? That using root is not a good idea, or that Dovecot has shown to be secure?
I thought the only thing stopping this (apart from good sense) is the minimum UID setting in the config file?
Nope it's in the source to disallow it
Oh, ok. Well, I'm not surprised. It's generally considered a bad practice.
PS. On the good sense part, It's way I use SELinux. I could just hand out root's login on my box and not worry.
From what I understand, SELinux is a special case. What I've been told of it, it's an interesting idea, with much merit. I don't know enough to say either way. Maybe I'll take a closer look after I've finished delving into Sun's RBAC.
As for the code changes, from memory the UID checking stuff is all in the one place ( in 0.99.14 it seems to be src/lib/restrict-access.c ). I'm not sure about 1.0... we'll move to that when we can have custom flags :)
-- Curtis