[Dovecot] dovecot non-local users
From the docs:

> System without local users
> <snip>
> Having one uid per user would mean that in case of a security hole in Dovecot, the user still couldn't read other people's mail. Use this if possible.
I don't quite understand this one. If you aren't a local user, what's the uid all about?
Do I do something like: create a user for mydomain in /etc/passwd (eg: user:domain_dude, home:/var/dovecot) with a valid home/uid/gid. Plug in the uid/gid/home for domain_dude in the authentication and have a data structure of /var/dovecot/%d/%n/Maildir or %h/%d/%d/Maildir where %h = "/var/dovecot" via /etc/passwd.
Something like that?
On Wed, 2004-06-16 at 03:51, Tom Allison wrote:

> Having one uid per user would mean that in case of a security hole in Dovecot, the user still couldn't read other people's mail. Use this if possible.
>
> I don't quite understand this one. If you aren't a local user, what's the uid all about?

"In case of a security hole", i.e. if an attacker finds a way to execute arbitrary code in the imap/pop3 process. Of course there never will be such holes ;)

> Do I do something like: create a user for mydomain in /etc/passwd (eg: user:domain_dude, home:/var/dovecot) with a valid home/uid/gid. Plug in the uid/gid/home for domain_dude in the authentication and have a data structure of /var/dovecot/%d/%n/Maildir or %h/%d/%d/Maildir where %h = "/var/dovecot" via /etc/passwd.

If the home is domain-wide, it'd probably be better to point the home directory to /var/dovecot/domain and use %h/%n/Maildir in default_mail_env.

Keeping the home directory somewhere the user has write access might be useful sooner or later (eg. to get core dumps written).
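The two points in this thread (expanding a default_mail_env template such as %h/%n/Maildir for a virtual user, and why one uid per virtual user limits the blast radius of a compromised imap/pop3 process) can be checked mechanically. The following is an added example, not code from the thread or from Dovecot itself: the user table, uids, paths and the audit rules are constructed assumptions. It expands the %u/%n/%d/%h variables the way the thread uses them, then audits a set of Maildir ownership records and reports any uid shared between two users, any directory readable by group/other, and any home the owner cannot write (the core-dump point above).

```python
import os
import stat
from collections import defaultdict

# Constructed virtual-user table (assumption, not a real passdb/userdb):
# login -> (uid, gid, home). Each user gets its own uid, as the docs recommend;
# home is domain-wide, so default_mail_env would be "%h/%n/Maildir".
VIRTUAL_USERS = {
    "dude@example.com":  (5001, 5000, "/var/dovecot/example.com"),
    "alice@example.com": (5002, 5000, "/var/dovecot/example.com"),
}


def expand_mail_env(template, user, home):
    """Expand the Dovecot-style variables used in the thread:
    %u = full login, %n = local part, %d = domain, %h = home directory.
    A literal percent is written %%; unknown variables are left untouched."""
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain, "h": home}
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            key = template[i + 1]
            if key == "%":
                out.append("%")
                i += 2
                continue
            if key in values:
                out.append(values[key])
                i += 2
                continue
        out.append(ch)
        i += 1
    return "".join(out)


def maildir_for(user, template="%h/%n/Maildir"):
    """Resolve a virtual user's Maildir path from the table and a template."""
    _uid, _gid, home = VIRTUAL_USERS[user]
    return expand_mail_env(template, user, home)


def stat_entries(users, template="%h/%n/Maildir"):
    """Collect (user, path, uid, mode) from the live filesystem for a real audit.
    Needs the directories to exist; the test below uses constructed records instead."""
    records = []
    for user in users:
        path = maildir_for(user, template)
        st = os.lstat(path)
        records.append((user, path, st.st_uid, stat.S_IMODE(st.st_mode)))
    return records


def audit(records):
    """records: iterable of (user, path, uid, mode). Returns a list of findings;
    an empty list means every user is isolated from the others at the uid level."""
    findings = []
    owners = defaultdict(list)
    for user, path, uid, mode in records:
        owners[uid].append(user)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path}: mode {oct(mode)} grants group/other access")
        if not mode & stat.S_IWUSR:
            findings.append(f"{path}: owner cannot write (core dumps and index files would fail)")
    for uid, users in owners.items():
        if len(users) > 1:
            findings.append(
                f"uid {uid} shared by {', '.join(sorted(users))}: "
                "a compromised imap/pop3 process running as that uid could read all of them")
    return findings


# Constructed records standing in for os.lstat() results (assumption, no real files).
GOOD_RECORDS = [
    ("dude@example.com",  maildir_for("dude@example.com"),  5001, 0o700),
    ("alice@example.com", maildir_for("alice@example.com"), 5002, 0o700),
]
BAD_RECORDS = [
    ("dude@example.com",  "/var/dovecot/example.com/dude/Maildir",  5000, 0o700),
    ("alice@example.com", "/var/dovecot/example.com/alice/Maildir", 5000, 0o750),
    ("bob@example.com",   "/var/dovecot/example.com/bob/Maildir",   5003, 0o500),
]

if __name__ == "__main__":
    print(maildir_for("dude@example.com"))
    for finding in audit(BAD_RECORDS):
        print("FINDING:", finding)
```

Run against real directories with `audit(stat_entries(VIRTUAL_USERS))`; the constructed BAD_RECORDS show the three failure modes the thread touches on: a shared uid, a group-readable Maildir, and a home the owner cannot write to.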
Participants (2): Timo Sirainen, Tom Allison