Let lmtp create target directories

martin f krafft madduck at madduck.net
Thu Nov 26 02:12:02 UTC 2015


we're using vmm¹ to manage our postfix+dovecot virtual mail setup,
which allows us to give every virtual user a separate EUID and every
domain a separate EGID for additional security (vs. handling all
virtual mail with a single "vmail" user).

As a consequence, however, vmm must itself create the user
directories with the appropriate owners, and to do so, it requires
root rights.

I am trying to investigate getting rid of this need³. Since Dovecot
quite happily creates ~/Maildir when necessary, couldn't it also
create parents? The home directory should be trivial (same
EUID/EGID), but grandparents etc. might need a different policy
(e.g. 0/EGID for the grandparent, 0/0 for great-grandparents, etc.).

Is this something that could fall within the realm of Dovecot's
lmtp? Or is the lmtp invoked as the user and doesn't actually drop
root? If so, might there be another way?

¹) http://vmm.localdomain.org/²
²) Hallo Pascal
³) http://bugs.debian.org/804382


@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
"perfection is achieved, not when there is nothing more to add, but
 when there is nothing left to take away."
                                         -- antoine de saint-exupéry
spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1107 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: <http://dovecot.org/pipermail/dovecot/attachments/20151126/c8243c83/attachment.sig>

More information about the dovecot mailing list