Replication - user permissions
Petter Gunnerud
pgspm at yahoo.no
Tue Jan 5 13:21:43 UTC 2016
When setting up dsync for replication, what should the user permissions be for sync over ssh?
I'm running virtual users only. Postfix and Dovecot services run as mail:mail. All the maildir folders are owned by mail:mail and permissions are 700.
User mail is not allowed login.
So whats the best practice in respect to security to allow for dsync over ssh?
So of the options I consider:
1) change postfix/dovecot settings so that maildirs are created with 770 permissions, then create a user dsync:mail that is allowed for ssh login.
2) permit user mail to login using ssh
3)go with tcp sync rather than ssh
Other suggestions?
PG
More information about the dovecot
mailing list