Hello,
we're using vmm¹ to manage our postfix+dovecot virtual mail setup, which allows us to give every virtual user a separate EUID and every domain a separate EGID for additional security (vs. handling all virtual mail with a single "vmail" user).
As a consequence, however, vmm must itself create the user directories with the appropriate owners, and to do so, it requires root rights.
I am trying to investigate getting rid of this need³. Since Dovecot quite happily creates ~/Maildir when necessary, couldn't it also create parents? The home directory should be trivial (same EUID/EGID), but grandparents etc. might need a different policy (e.g. 0/EGID for the grandparent, 0/0 for great-grandparents, etc.).
Is this something that could fall within the realm of Dovecot's lmtp? Or is the lmtp invoked as the user and doesn't actually drop root? If so, might there be another way?
¹) http://vmm.localdomain.org/² ²) Hallo Pascal ³) http://bugs.debian.org/804382
Thanks,
-- @martinkrafft | http://madduck.net/ | http://two.sentenc.es/
"perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." -- antoine de saint-exupéry
spamtraps: madduck.bogus@madduck.net
On 26 Nov 2015, at 04:12, martin f krafft madduck@madduck.net wrote:
Hello,
we're using vmm¹ to manage our postfix+dovecot virtual mail setup, which allows us to give every virtual user a separate EUID and every domain a separate EGID for additional security (vs. handling all virtual mail with a single "vmail" user).
As a consequence, however, vmm must itself create the user directories with the appropriate owners, and to do so, it requires root rights.
I am trying to investigate getting rid of this need³. Since Dovecot quite happily creates ~/Maildir when necessary, couldn't it also create parents? The home directory should be trivial (same EUID/EGID), but grandparents etc. might need a different policy (e.g. 0/EGID for the grandparent, 0/0 for great-grandparents, etc.).
Dovecot already creates all the parent directories. What to set to the permissions are of course a problem. http://wiki2.dovecot.org/SharedMailboxes/Permissions explains how it works right now. See especially "Permissions to new /domain/user directories" and "Permissions to new user home directories (v2.2+)".
Is this something that could fall within the realm of Dovecot's lmtp? Or is the lmtp invoked as the user and doesn't actually drop root? If so, might there be another way?
That's the even bigger issue. The home dir creation is done with the user's privileges, not as root. But the +t bit might help.
participants (2)
-
martin f krafft
-
Timo Sirainen