[Dovecot] Why can NOT login as root

Linda Walsh dovecot at tlinx.org
Tue Sep 20 02:22:34 EEST 2011 



John Allen wrote:
> As far as I recall, IMAP servers generally don't allow access to root.
>
> According to the Dovecot wiki, this is hard-coded in the binary:
> http://wiki.dovecot.org/MainConfig see under "first_valid_uid"
>
> If the root user is receiving emails, these need to be redirected to 
> another user so they can be read via IMAP.
---
    I guess the source needs a patch.

    Why would dovecot choose to play nursemaid to people who want to read
    root email remotely via IMAPS?

I can log in via SSH, so why not allow it with secure IMAP?  I suppose
really, if someone wants to run as root with no password dovecot should be
**configurable** to allow  this -- as we can't always understand the needs
of end users.

Example.  You have a system on which  root uid=0 means nothing (assigns no
privs -- all assigned via privilege/capability bits).

This means dovecot is hardcoded to lock out a user that may have no
privileges, but has no prob permitting access to those with full
Capability/priv sets.

That is NOT remotely a secure design -- Not that it "allows login to those
w/caps", but that it bogusly tries to invalidate site-security policies
that it doesn't like


Samba has done this and actually disparages people who don't use
conventional security policies 'insecure', when those same people can
point out a multitude of ways samba can be easily --  in the ways that the
samba team, _recommend_, that samba can be accidentally or surreptitiously
configured insecurely.   When it is asked why alternate security 
policies are
insecure -- they change the subject and agree grudgingly to re-allow
'banned' commands under  options like "allow insecure XXXX"...


Trying to 'play nursemaid' to users is a bad security policy -- since as
soon you (like samba team leader said, "we had to make it impossible to
configure samba insecurely", you are asking for trouble;  cuz then users
think they don't have to worry about how they config things, it will
always be secure...and we know  that is very untrue!

More information about the dovecot mailing list