[Dovecot] How to achieve proper privilege separation?
Timo Sirainen
tss at iki.fi
Fri Feb 24 01:26:08 EET 2012
On 23.2.2012, at 21.56, Tóth Attila wrote:
> In the meantime I've upgraded to 2.1.
> I've enabled debug logging and logged in.
>
> I suspect that hardening features can be blamed for my problem. After
> booting a previous kernel the behavior was reverted.

OK.

> Feb 23 20:50:12 atoth dovecot: imap(atoth): Debug: Effective uid=1000,
> gid=100, home=/home/atoth

This says that the IMAP is running as UID 1000. The code that produces this is:

	i_debug("Effective uid=%s, gid=%s, home=%s",
		dec2str(geteuid()), dec2str(getegid()), home);

So if the process is still creating files as root, the kernel is lying.
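
Added example, not part of the original message and not Dovecot code: a stand-alone C check for the situation discussed above, which creates a scratch file and compares the owner the kernel records with what geteuid() reports. The function names, the "uidcheck" file prefix and the /tmp default are assumptions made for this example; the fsuid value is read from /proc/self/status, so that part is Linux-only (on Linux a new file's owner comes from the filesystem uid, which normally follows the effective uid).

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Linux only: filesystem uid, the id the kernel uses for file ownership.
   Parsed from the "Uid:" line of /proc/self/status; -1 if unavailable. */
long read_fsuid(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    long r, e, s, fs = -1;
    if (f == NULL)
        return -1;
    /* Line format: "Uid:  real  effective  saved  filesystem" */
    while (fgets(line, sizeof line, f) != NULL)
        if (sscanf(line, "Uid: %ld %ld %ld %ld", &r, &e, &s, &fs) == 4)
            break;
    fclose(f);
    return fs;
}

/* Create a scratch file in dir (hypothetical "uidcheck" prefix) and
   return the owner uid the kernel recorded for it, or -1 on error. */
long created_file_owner(const char *dir)
{
    char path[4096];
    struct stat st;
    long owner = -1;
    int fd;
    snprintf(path, sizeof path, "%s/uidcheck.XXXXXX", dir);
    if ((fd = mkstemp(path)) < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        owner = (long)st.st_uid;
    close(fd);
    unlink(path);
    return owner;
}

/* 0: owner equals geteuid(); 1: mismatch; -1: could not create the file. */
int check_uid_consistency(const char *dir)
{
    long owner = created_file_owner(dir);
    printf("euid=%ld fsuid=%ld new file owner=%ld\n",
           (long)geteuid(), read_fsuid(), owner);
    return owner < 0 ? -1 : (owner == (long)geteuid() ? 0 : 1);
}

int main(int argc, char **argv) { return check_uid_consistency(argc > 1 ? argv[1] : "/tmp") != 0; }
```

Run it as the mail user under both kernels, pointing it at a directory on the same filesystem as the mail store; an exit status of 1 means the file owner differs from the reported effective uid.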