[Dovecot] Why can NOT login as root

Timo Sirainen tss at iki.fi
Tue Sep 20 02:50:32 EEST 2011


On 20.9.2011, at 2.22, Linda Walsh wrote:

> I can log in via SSH, so why not allow it with secure IMAP?  I suppose
> really, if someone wants to run as root with no password dovecot should be
> **configurable** to allow  this -- as we can't always understand the needs
> of end users.

Because there's no good reason to read mails as root. If you can give me a good reason I might reconsider, but I highly doubt that's going to happen.

Anyway it's mainly about making sure that in the case of some internal security hole (or misconfiguration) in Dovecot at least that security hole couldn't be leveraged to gain root privileges that would allow reading everyone's mails.

> Example.  You have a system on which  root uid=0 means nothing (assigns no
> privs -- all assigned via privilege/capability bits).
> 
> This means dovecot is hardcoded to lock out a user that may have no
> privileges, but has no prob permitting access to those with full
> Capability/priv sets.

Rare, and in such cases irrelevant.




More information about the dovecot mailing list