[Dovecot] 2.0: deliver run from multiple uids and configuration files
I'm trying to run deliver from exim transport in a way that it doesn't need to query userdb AND doesn't need to read configuration files.
The problem is that config files are readable for root only and if I run deliver with multiple UIDs then I would have to allow reading config files for everyone. Of course that's not an option because configs contain database passwords and such stuff.
I wonder if it is possible to avoid reading config files by deliver?
The only solution I see is to run deliver via sudo which doesn't look nice.
-- Arkadiusz Miśkiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/
On Thu, 2011-06-02 at 23:20 +0200, Arkadiusz Miskiewicz wrote:
> I'm trying to run deliver from exim transport in a way that it doesn't need to query userdb AND doesn't need to read configuration files.
> The problem is that config files are readable for root only and if I run deliver with multiple UIDs then I would have to allow reading config files for everyone. Of course that's not an option because configs contain database passwords and such stuff.
Database passwords should be in the dovecot-sql.conf.ext or something, which LDA (or doveconf, really) doesn't even try to read.
If there are other secrets, you could put them in a separate file, which you:
!include_try /etc/dovecot/secrets.conf
LDA will just ignore it.
> I wonder if it is possible to avoid reading config files by deliver?
With -O parameter it doesn't read config, but I don't really recommend that..
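Added example, not part of the original thread and not Dovecot code: a small audit that follows !include / !include_try from the main config and flags secret-looking settings that sit in world-readable files, which is the check to run before loosening permissions on dovecot.conf. The regex for "secret-looking", resolving relative includes against the including file's directory, the temporary file layout and the setting name example_password are assumptions made for the illustration.

```python
import glob, os, re, stat, tempfile

# Heuristic (assumption, not Dovecot's own list): names that usually carry credentials.
SECRET_RE = re.compile(r"(pass|secret)\w*\s*=", re.I)
INCLUDE_RE = re.compile(r"^\s*!include(?:_try)?\s+(\S+)")

def audit(path, seen=None):
    """Follow !include/!include_try from `path`; return [(file, line_no)] for
    secret-looking settings that sit in world-readable files."""
    seen = set() if seen is None else seen
    path = os.path.abspath(path)
    if path in seen or not os.path.isfile(path):
        return []
    seen.add(path)
    world_readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            line = line.split("#", 1)[0]          # drop comments
            m = INCLUDE_RE.match(line)
            if m:  # this script resolves relative includes against the including file
                pattern = os.path.join(os.path.dirname(path), m.group(1))
                for inc in sorted(glob.glob(pattern)):
                    findings += audit(inc, seen)
            elif world_readable and SECRET_RE.search(line):
                findings.append((path, no))
    return findings

def demo():
    """Constructed layout: world-readable main config plus a 0600 secrets file."""
    d = tempfile.mkdtemp()
    main, secrets = os.path.join(d, "dovecot.conf"), os.path.join(d, "secrets.conf")
    with open(main, "w") as f:
        f.write("protocols = imap\n!include_try secrets.conf\n")
    with open(secrets, "w") as f:
        f.write("example_password = constructed-value\n")  # hypothetical setting
    os.chmod(main, 0o644)
    os.chmod(secrets, 0o600)
    safe = audit(main)                 # secret lives only in the 0600 file
    os.chmod(secrets, 0o644)           # simulate the mistake of opening it up
    leaky = [(os.path.basename(p), n) for p, n in audit(main)]
    return safe, leaky

if __name__ == "__main__":
    print(demo())
```

Run it as root against the real main config so that every included file can be opened; an empty result means no flagged setting is in a file other users can read.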
participants (2)
- Arkadiusz Miskiewicz
- Timo Sirainen