[Dovecot] dovecot.conf permissions
Hi,
I have a little problem with defining the right permissions for dovecot.conf. The main problem is that the password for SSL certificates is stored there and the conf file is world readable by default, which makes a security problem [1]. It is not a problem to restrict the permissions to 0600, dovecot will still work, but then deliver cannot work as it reads the conf too, but it runs under arbitrary user. So my last iteration is 0640 as permission and root:mail as ownership, but that expects that deliver is run with group = mail. For the long term solution I would prefer to move the password into a separate config file so the permissions can be properly restricted there. What are your opinions?
With regards,
Dan[1] https://bugzilla.redhat.com/show_bug.cgi?id=436287
Fedora and Red Hat package maintainer
on 7-24-2008 1:18 AM Dan Horák spake the following:
Hi,
I have a little problem with defining the right permissions for dovecot.conf. The main problem is that the password for SSL certificates is stored there and the conf file is world readable by default, which makes a security problem [1]. It is not a problem to restrict the permissions to 0600, dovecot will still work, but then deliver cannot work as it reads the conf too, but it runs under arbitrary user. So my last iteration is 0640 as permission and root:mail as ownership, but that expects that deliver is run with group = mail. For the long term solution I would prefer to move the password into a separate config file so the permissions can be properly restricted there. What are your opinions?
With regards, Dan
[1] https://bugzilla.redhat.com/show_bug.cgi?id=436287 You can always have no passwords on ssl certs. Probably just as secure as a world readable password.
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!
On Thu, 2008-07-24 at 10:18 +0200, Dan Horák wrote:
Hi,
I have a little problem with defining the right permissions for dovecot.conf. The main problem is that the password for SSL certificates is stored there and the conf file is world readable by default, which makes a security problem [1]. It is not a problem to restrict the permissions to 0600, dovecot will still work, but then deliver cannot work as it reads the conf too, but it runs under arbitrary user. So my last iteration is 0640 as permission and root:mail as ownership, but that expects that deliver is run with group = mail. For the long term solution I would prefer to move the password into a separate config file so the permissions can be properly restricted there. What are your opinions?
Config file including will be supported some day. Also you could start Dovecot with -p parameter and specify the password there.
participants (3)
-
Dan Horák
-
Scott Silva
-
Timo Sirainen