[Dovecot] LDA and auth-userdb socket permissions
a.smith at ukgrid.net
Tue Aug 23 22:38:19 EEST 2011
Quoting Timo Sirainen <tss at iki.fi>:
> On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote:
>
>
>> In my test, actually what I have is a vmail user with primary group
>> vmail and secondary group mailnull. Which as mentioned results in this
>> error:
>
> It doesn't actually matter what groups you have assigned to vmail user.
> Dovecot only enables the primary group (and not even that if you've
> overridden it in config), and apparently Exim does the same too.
>
> The supplementary groups don't automatically get enabled when a process's
> UID is switched, it requires explicit extra code to do it. In most
> installations this is just useless extra work and a potential accidental
> security hole.
>
Ok, I assumed that secondary groups are honoured in almost all
instances on a UNIX or Linux platform. I can add a note to the wiki
making it explicit that the group must be the primary group if you
think it's appropriate...