[Dovecot] deliver LDA issue with setuid-root

Pascal Volk user+dovecot at localhost.localdomain.org
Wed Sep 28 21:33:27 EEST 2011


On 09/28/2011 08:37 AM Daminto Lie wrote:
> Hi,
> 
> I am getting the following error message when trying to implement LDA Dovecot 1.2.9 with virtual users:
> 
> 
> Sep 28 15:59:33 server1 postfix/pipe[3041]: 28BEC2400A1: to=<msmith at example.com>, relay=dovecot, delay=2361, delays=2361/0.01/0/0.03, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/lib/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids )
> 
> I do not know if I need to change the group to secmail. Currently, I have as follows
> 
> -rwsr-xr-x   1 root root 933796 2011-06-10 05:36 deliver
> 
> 
> Can I change it to any other group apart from secmail? and what does it mean by world-executable? Sorry if I ask a silly question here but keen to learn more about linux.

RTFM chmod(1)

>> Here is my master.cf
> # delivery through dovecot
> dovecot   unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
> 
> Any help would be greatly appreciated.
> 
> Thank you

chgrp vmail /usr/lib/dovecot/deliver
chmod o-rx !$


Regards,
Pascal

-- 
The trapper recommends today: cafefeed.1127120 at localdomain.org



More information about the dovecot mailing list