[Dovecot] Dovecot dict process privileges
Hi!
Is it possible to configure Dovecot so that it drops privileges for dict process? Currently this process is running as root. (At least on my system with Dovecot 1.2.)
Best regards
Mike
Hi!
--- On Wed, 8/18/10, Timo Sirainen tss@iki.fi wrote:
Only with v2.0.
And how is this done with 2.0? I do not see any configuration option here:
http://wiki2.dovecot.org/MainConfig#Dictionary_server_settings
Mike
On Wed, 2010-08-18 at 15:39 -0700, Mike Mimic wrote:
Hi!
--- On Wed, 8/18/10, Timo Sirainen tss@iki.fi wrote:
Only with v2.0.
And how is this done with 2.0? I do not see any configuration option here:
http://wiki2.dovecot.org/MainConfig#Dictionary_server_settings
That page is still for v1.x's config.. I think I'll just delete the page, since I don't really know how to put the current split example config in there.
Anyway, with v2.0 you can do:
service dict {
  user = whatever
}
Hi!
--- On Thu, 8/19/10, Timo Sirainen tss@iki.fi wrote:
Anyway, with v2.0 you can do:
service dict {
  user = whatever
}
Thanks.
Mike
On 8/20/2010 2:51 AM, Mike Mimic wrote:
Hi!
--- On Thu, 8/19/10, Timo Sirainen tss@iki.fi wrote:
Anyway, with v2.0 you can do:
service dict {
  user = whatever
}
Thanks.
Mike
I had the same problem as you with 2.0; 1.2.x I couldn't get dict to work at all for an error in the code. Here is how I fixed 2.0 though:
service dict {
  unix_listener dict {
    user = mail   # same as what you put for service imap
    mode = 0660
    group = mail  # same as what you put for service imap
  }
}
Jerrale G. SC Senior Admin
On Fri, 2010-08-20 at 12:43 -0400, Jerrale G wrote:
I had the same problem as you with 2.0; 1.2.x I couldn't get dict to work at all for an error in the code. Here is how I fixed 2.0 though:
service dict {
  unix_listener dict {
    user = mail   # same as what you put for service imap
    mode = 0660
    group = mail  # same as what you put for service imap
  }
}
Oh, yeah, I should add that to example config and wiki since the default is "secure" as in "works in about zero installations" :)
On Fri, 2010-08-20 at 17:48 +0100, Timo Sirainen wrote:
service dict {
  unix_listener dict {
    user = mail   # same as what you put for service imap
    mode = 0660
    group = mail  # same as what you put for service imap
  }
}
Oh, yeah, I should add that to example config and wiki since the default is "secure" as in "works in about zero installations" :)
Added to example-config:
service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user =
    #group =
  }
}
Added a wiki page: http://wiki2.dovecot.org/Dict
On 8/20/2010 12:48 PM, Timo Sirainen wrote:
On Fri, 2010-08-20 at 12:43 -0400, Jerrale G wrote:
I had the same problem as you with 2.0; 1.2.x I couldn't get dict to work at all for an error in the code. Here is how I fixed 2.0 though:
service dict {
  unix_listener dict {
    user = mail   # same as what you put for service imap
    mode = 0660
    group = mail  # same as what you put for service imap
  }
}
Oh, yeah, I should add that to example config and wiki since the default is "secure" as in "works in about zero installations" :)
Sorry Timo, he was having the same problem I was so I thought I would share my setup; I didn't say the default wasn't secure but I couldn't get the default's permissions to work. This could have been because I had forgotten the /var/run directory itself had to have world executable permissions.
So, Marc Perel, use the default; make sure you have world executable permissions on /var/run while chmoding to 770 /var/run/dovecot and owning the individual service files to the correct users and groups.
If this doesn't work, try the permissions. I'm going to review mine to make sure they will now work as default.
Jerrale G. SC Senior Admin
participants (3)
- Jerrale G
- Mike Mimic
- Timo Sirainen
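
One way to check the permission chain discussed in this thread (search permission on every directory down to the dict socket, write permission on the socket itself), as an added example that is not code from any poster or from Dovecot. The path /var/run/dovecot/dict, the uid/gid value 8 and the function names are assumptions; only plain mode bits are evaluated.

```python
import os

def class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that the kernel applies to uid/gids."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def blocking_components(socket_path, uid, gids, base="/"):
    """List (path, reason) pairs that stop uid/gids from connecting.

    Every directory from `base` down needs the search (x) bit; the socket
    needs the write bit (Linux connect() requirement). Only plain mode
    bits are evaluated, not ACLs or MAC policy. socket_path must be
    below base.
    """
    if uid == 0:
        return []  # root is not limited by mode bits
    base = os.path.abspath(base)
    rel = os.path.relpath(os.path.abspath(socket_path), base)
    paths = [base]
    for part in rel.split(os.sep):
        paths.append(os.path.join(paths[-1], part))
    problems = []
    for i, p in enumerate(paths):
        try:
            bits = class_bits(os.stat(p), uid, gids)
        except OSError as e:
            problems.append((p, "cannot stat: " + str(e)))
            break
        if i == len(paths) - 1:
            if not bits & 2:
                problems.append((p, "no write permission on socket"))
        elif not bits & 1:
            problems.append((p, "no search (x) permission on directory"))
    return problems

if __name__ == "__main__":
    # Assumed values: uid/gid 8 stand in for the mail user and group.
    for path, reason in blocking_components("/var/run/dovecot/dict", 8, {8}):
        print(path + ": " + reason)
```

An empty result means the mode bits alone allow the connection; the first entry returned is the component to fix first.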