[Dovecot] How to achieve proper privilege separation?

Timo Sirainen tss at iki.fi
Fri Feb 24 01:26:08 EET 2012


On 23.2.2012, at 21.56, Tóth Attila wrote:

> In the meantime I've upgraded to 2.1.
> I've enabled debug logging and logged in.
> 
> I suspect that hardening features can be blamed for my problem. After
> booting a previous kernel the behavior was reverted.

OK.

> Feb 23 20:50:12 atoth dovecot: imap(atoth): Debug: Effective uid=1000,
> gid=100, home=/home/atoth

This says that the IMAP is running as UID 1000. The code that produces this is:

		i_debug("Effective uid=%s, gid=%s, home=%s",
			dec2str(geteuid()), dec2str(getegid()), home);

So if the process is still creating files as root, the kernel is lying..



