newbie userdb lookup problem
aki.tuomi at dovecot.fi
Thu Jun 23 06:39:33 UTC 2016
> On June 23, 2016 at 8:56 AM Michael Fox <news at mefox.org> wrote:
>
>
> > http://wiki.dovecot.org/LDA
> >
> > Section virtual users, with lookup has the answer.
>
> Thanks for the quick response Aki.
>
> I presume you're referring to this:
>
> service auth {
>   unix_listener auth-userdb {
>     mode = 0600
>     user = vmail # User running dovecot-lda
>     #group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group
>   }
> }
>
> So, given that, then I'm still not clear on the following:
> 1) User vmail is reading the userdb, not writing to the userdb. So why mode 0600?
> 2) What should the owner, group and mode/permissions of the actual userdb flat file be for best security?
>
> Michael
1) That is a socket, not a regular file. LDA speaks with the auth service.
2) As the auth *service* runs as root, it is probably best to use root:root 0400 for the actual file.
---
Aki Tuomi
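
An added example, not part of the original thread and not Dovecot's own code: a small Python check for the two points in the reply above, that the auth-userdb path is a socket whose mode does not exceed 0600 for the LDA user, and that the userdb flat file is a regular file no more permissive than 0400. The function name `audit_path` and the temporary demo paths are assumptions; on a real host, pass the actual socket and userdb paths with the vmail uid and uid/gid 0.

```python
import os
import socket
import stat
import tempfile

KINDS = {"socket": stat.S_ISSOCK, "file": stat.S_ISREG}

def audit_path(path, want_kind, max_mode, want_uid, want_gid=None):
    """Return a list of findings for one path; an empty list means compliant."""
    st = os.lstat(path)  # lstat: judge the path itself, never a symlink target
    findings = []
    if not KINDS[want_kind](st.st_mode):
        findings.append(f"{path}: not a {want_kind}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & ~max_mode:
        findings.append(f"{path}: mode {mode:04o} exceeds {max_mode:04o}")
    if st.st_uid != want_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {want_uid}")
    if want_gid is not None and st.st_gid != want_gid:
        findings.append(f"{path}: group gid {st.st_gid}, expected {want_gid}")
    return findings

if __name__ == "__main__":
    # Constructed demo: a throwaway socket and flat file stand in for the real
    # auth-userdb listener and userdb file, owned by whoever runs the script.
    d = tempfile.mkdtemp()
    sock_path = os.path.join(d, "auth-userdb")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o600)  # as in the listener block: mode = 0600
    db_path = os.path.join(d, "users")
    open(db_path, "w").close()
    os.chmod(db_path, 0o644)    # deliberately looser than the advised 0400
    me = os.geteuid()
    # On a real host: expect the vmail uid for the socket, uid/gid 0 for the file.
    for line in (audit_path(sock_path, "socket", 0o600, me)
                 + audit_path(db_path, "file", 0o400, me)):
        print(line)
    srv.close()
```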