[Dovecot] LDA and auth-userdb socket permissions

Timo Sirainen tss at iki.fi
Tue Aug 23 22:44:01 EEST 2011


On Tue, 2011-08-23 at 20:38 +0100, a.smith at ukgrid.net wrote:
> > It doesn't actually matter what groups you have assigned to vmail user.
> > Dovecot only enables the primary group (and not even that if you've
> > overridden it in config), and apparently Exim does the same too.
> >
> > The supplementary groups don't automatically get enabled when a process's
> > UID is switched, it requires explicit extra code to do it. In most
> > installations this is just useless extra work and a potential accidental
> > security hole.
> >
> 
> Ok, I assumed that secondary groups are honoured in almost all  
> instances on a UNIX or Linux platform. I can add a note to the wiki  
> making it explicit that the group must be the primary group if you  
> think it's appropriate...

It doesn't have to be the primary group. This is more of an Exim-side
problem, in that it doesn't assign the supplementary groups (if it did, it
would have worked with dovecot-lda). I don't think the way you
configured Exim to call dovecot-lda is explained anywhere in the Dovecot
wiki?
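
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Dovecot's or Exim's code: a privilege drop installs exactly the group list the code passes to `setgroups()`, so supplementary groups appear only if the program looks them up explicitly. The function names `plan_groups`, `has_gid` and `drop_privileges` are hypothetical, and a Linux/glibc system is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes setgroups() and getgrouplist() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 64

/* Hypothetical helper: build the group list a privilege drop would install.
 * with_supplementary == 0 gives the primary group only; otherwise the primary
 * group plus the user's groups from the group database. Returns count or -1. */
int plan_groups(const char *user, gid_t primary, int with_supplementary,
                gid_t *out, int max)
{
    int n = max;
    if (max < 1)
        return -1;
    if (!with_supplementary) {
        out[0] = primary;
        return 1;
    }
    return getgrouplist(user, primary, out, &n) == -1 ? -1 : n;
}

/* Return 1 if gid is present in list, else 0. */
int has_gid(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

/* Drop from root to uid/gid. setgroups() has to run while still root; if it
 * is skipped, the process keeps the supplementary groups it inherited. */
int drop_privileges(const char *user, uid_t uid, gid_t gid, int with_supplementary)
{
    gid_t groups[MAX_GROUPS];
    int n = plan_groups(user, gid, with_supplementary, groups, MAX_GROUPS);
    if (n < 0 || setgroups((size_t)n, groups) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0; /* regaining root must fail */
}
```

With `with_supplementary` set to 0 the process can open a socket only through its primary group, whatever other groups the user has in the group database.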




