Re: [Dovecot] Securing mailboxes and passwords
Sent: Wed, 25 Feb 2009 01:36:00 +0100 (CET) From: "Daniel Aleksandersen"
Sent: Tue, 24 Feb 2009 19:11:43 -0500 From: Timo Sirainen
On Wed, 2009-02-25 at 00:38 +0100, Daniel Aleksandersen wrote:
Sent: Wed, 25 Feb 2009 00:29:17 +0100 From: Pascal Volk
On 25.02.2009 00:25 Daniel Aleksandersen wrote:
The recipe assumes I have a group called secmail. I don’t. Am I supposed to create a special group for this purpose?
Yes, if the group does not exist, you have to create it. You could call it whatever you want.
I created the group and set the permissions to deliver as described in the recipe. I then added just about every user to that group.
No, don't do that. The point of it was to make deliver executable only by your MTA, no one else. If other people were able to execute it, they could gain root privileges.
I started adding other users just to troubleshoot the problems I have been having. It did not work anyways, so I have removed other users from that group.
The permissions still must be 777 or dovecot starts throwing permission errors.
I have tried a variety of other permissions including 677, 767, 776. All fail but 777.
ps -ef|grep exim shows that exim is run by user 101. A look into /etc/group reveals the user as libuuid. Debian-exim is user 103. Could this be what is causing my problems? How do I change what user exim is run as?
Daniel
on 2-24-2009 5:56 PM Daniel Aleksandersen spake the following:
Sent: Wed, 25 Feb 2009 01:36:00 +0100 (CET) From: "Daniel Aleksandersen"
Sent: Tue, 24 Feb 2009 19:11:43 -0500 From: Timo Sirainen
On Wed, 2009-02-25 at 00:38 +0100, Daniel Aleksandersen wrote:
Sent: Wed, 25 Feb 2009 00:29:17 +0100 From: Pascal Volk
On 25.02.2009 00:25 Daniel Aleksandersen wrote:
The recipe assumes I have a group called secmail. I don’t. Am I supposed to create a special group for this purpose?
Yes, if the group does not exist, you have to create it. You could call it whatever you want.
I created the group and set the permissions to deliver as described in the recipe. I then added just about every user to that group.
No, don't do that. The point of it was to make deliver executable only by your MTA, no one else. If other people were able to execute it, they could gain root privileges.
I started adding other users just to troubleshoot the problems I have been having. It did not work anyways, so I have removed other users from that group.
The permissions still must be 777 or dovecot starts throwing permission errors.
I have tried a variety of other permissions including 677, 767, 776. All fail but 777.
ps -ef|grep exim shows that exim is run by user 101. A look into /etc/group reveals the user as libuuid. Debian-exim is user 103. Could this be what is causing my problems? How do I change what user exim is run as?
/etc/group is the group numbers, not the user numbers. They don't always coincide. /etc/passwd would have the user numbers.
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!
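Added example, not part of any message in this thread: a shell check that resolves a numeric ID against the right database and lists everyone who actually holds the group that gates deliver, including users who have it as their primary group and therefore do not appear in the group file's member list. The passwd and group lines are constructed for illustration; only the IDs 101 and 103 and the names libuuid, Debian-exim and secmail come from the thread, and mailadm is a hypothetical account.

```shell
#!/bin/sh
# Added example. The passwd/group lines below are constructed; only the
# numbers 101 and 103 and the names libuuid, Debian-exim and secmail come
# from the thread. mailadm is a hypothetical account.

# id_to_name FILE ID: field 3 holds the UID in passwd and the GID in group,
# so the same numeric ID can map to different names in the two files.
id_to_name() {
    awk -F: -v id="$2" '$3 == id { print $1 }' "$1"
}

# group_members PASSWD GROUP NAME: everyone who holds group NAME, i.e. the
# explicit member list (group field 4) plus every user whose primary GID
# (passwd field 4) is that group. The second kind is not listed in group.
group_members() {
    gid=$(awk -F: -v g="$3" '$1 == g { print $3 }' "$2")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$3" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$1"
    } | LC_ALL=C sort -u | paste -sd ' ' -
}

# Constructed sample databases (assumed layout, not taken from the thread).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:103::/var/spool/exim4:/bin/false
mailadm:x:1000:1001::/home/mailadm:/bin/bash
EOF
cat > "$demo/group" <<'EOF'
root:x:0:
libuuid:x:101:
Debian-exim:x:103:
secmail:x:1001:Debian-exim
EOF

echo "UID 101 -> $(id_to_name "$demo/passwd" 101)"
echo "GID 101 -> $(id_to_name "$demo/group" 101)"
echo "secmail -> $(group_members "$demo/passwd" "$demo/group" secmail)"
```

On a live system, pass /etc/passwd and /etc/group instead of the sample files; anyone the last line prints can run a binary that is executable only by that group.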
participants (2)
- Daniel Aleksandersen
- Scott Silva