[Dovecot] Chrooting the Mail processes
Bert Koelewijn
bert at rosanneke.com
Sun Aug 24 21:17:38 EEST 2003
Timo,
I think you forgot to post some diffs:
MEMBER(valid_chroot_dirs) NULL,
MEMBER(mail_chroot) ...
and this can't be right:
static int validate_chroot(const char *dir)
{
	const char *const *chroot_dirs;

	if (*dir == '\0')
		return FALSE;

	if (set->valid_chroot_dirs == NULL)
		return FALSE;
and some more I guess.
But thanks for your fast reply anyway!
Bert
Timo Sirainen wrote:
> On Sun, 2003-08-24 at 16:07, Timo Sirainen wrote:
>
>>It's not chrooting anywhere yet with those settings. Hmm. I think I'd
>>need to add "mail_chroot" setting which would specify the default
>>chroot.
>
>
> Here's a patch.
>
>
>
> ------------------------------------------------------------------------
>
> diff -ru dovecot-0.99.10/dovecot-example.conf dovecot-0.99.10.new/dovecot-example.conf
> --- dovecot-0.99.10/dovecot-example.conf 2003-06-26 19:11:06.000000000 +0300
> +++ dovecot-0.99.10.new/dovecot-example.conf 2003-08-24 16:11:56.000000000 +0300
> @@ -166,6 +166,10 @@
> # allow shell access for users. See doc/configuration.txt for more information.
> #valid_chroot_dirs =
>
> +# Default chroot directory for mail processes. This can be overridden by
> +# giving /./ in user's home directory (eg. /home/./user chroots into /home).
> +#mail_chroot =
> +
> # Default MAIL environment to use when it's not set. By leaving this empty
> # dovecot tries to do some automatic detection as described in
> # doc/mail-storages.txt. There's a few special variables you can use:
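Review bot: the new comment for mail_chroot does not mention valid_chroot_dirs, yet the mail-process.c hunk of this patch passes the fallback value to validate_chroot() like any other chroot directory. Suggest adding a sentence that the directory given in mail_chroot must also be allowed by valid_chroot_dirs, so an administrator who sets only mail_chroot is not surprised by "Invalid chroot directory" errors.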
> diff -ru dovecot-0.99.10/src/master/mail-process.c dovecot-0.99.10.new/src/master/mail-process.c
> --- dovecot-0.99.10/src/master/mail-process.c 2003-06-25 02:26:44.000000000 +0300
> +++ dovecot-0.99.10.new/src/master/mail-process.c 2003-08-24 16:12:34.000000000 +0300
> @@ -118,6 +118,9 @@
> home_dir = data + reply->home_idx;
> chroot_dir = data + reply->chroot_idx;
>
> + if (*chroot_dir == '\0')
> + chroot_dir = set->mail_chroot;
> +
> if (*chroot_dir != '\0' && !validate_chroot(chroot_dir)) {
> i_error("Invalid chroot directory: %s", chroot_dir);
> return FALSE;
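Review bot: chroot_dir may be NULL after the added fallback, and the next line dereferences it in `*chroot_dir != '\0'`. Nothing in the patch gives set->mail_chroot a value when the option is left unset, so either assign only when set->mail_chroot != NULL or make sure the setting defaults to an empty string.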
> diff -ru dovecot-0.99.10/src/master/master-settings.c dovecot-0.99.10.new/src/master/master-settings.c
> --- dovecot-0.99.10/src/master/master-settings.c 2003-05-21 14:43:04.000000000 +0300
> +++ dovecot-0.99.10.new/src/master/master-settings.c 2003-08-24 16:11:56.000000000 +0300
> @@ -43,6 +43,7 @@
>
> /* mail */
> DEF(SET_STR, valid_chroot_dirs),
> + DEF(SET_STR, mail_chroot),
> DEF(SET_INT, max_mail_processes),
> DEF(SET_BOOL, verbose_proctitle),
>
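Review bot: a default value for mail_chroot is missing; the DEF(SET_STR, mail_chroot) line here only registers the name, and no hunk in the patch adds an initializer alongside the MEMBER(valid_chroot_dirs) entry quoted in the reply above. Add the matching default entry for mail_chroot in the same patch so the field is initialised when the option stays commented out.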
> diff -ru dovecot-0.99.10/src/master/master-settings.h dovecot-0.99.10.new/src/master/master-settings.h
> --- dovecot-0.99.10/src/master/master-settings.h 2003-05-18 15:26:29.000000000 +0300
> +++ dovecot-0.99.10.new/src/master/master-settings.h 2003-08-24 16:11:56.000000000 +0300
> @@ -29,6 +29,7 @@
>
> /* mail */
> const char *valid_chroot_dirs;
> + const char *mail_chroot;
> unsigned int max_mail_processes;
> int verbose_proctitle;
>