doveadm: Error: open(/proc/self/io) failed

me at tdiehl.org me at tdiehl.org
Tue Aug 6 04:20:36 EEST 2019


On Thu, 1 Aug 2019, Timo Sirainen via dovecot wrote:

> On 31 Jul 2019, at 20.45, A. Schulze via dovecot <dovecot at dovecot.org> wrote:
>>
>>
>>
>> On 31.07.19 at 08:27, Sami Ketola via dovecot wrote:
>>> service lmtp {
>>> user = vmail
>>> }
>>>
>>> Please remove user = vmail from here or change it to root.
>>>
>>> For security reasons lmtp service must be started as root since version 2.2.36. lmtp will drop root privileges after initialization but it needs to open /self/proc/io as root before that.
>>
>> Hello Sami,
>>
>> I don't read "root is required for lmtp" in https://wiki.dovecot.org/LMTP#Security neither does https://dovecot.org/doc/NEWS-2.2 say so.
>> Could you prove that statement somehow?
>
>
> Alternative is:
>
> service lmtp {
>  user = vmail
>  drop_priv_before_exec = yes
> }
>
> I'm not sure if you run into other problems with that.

OK, so now I am confused. At https://wiki.dovecot.org/LMTP#Security it says
"If you're using only a single global UID/GID, you can improve security by
running lmtp processes as that user"

So, if I am using a single UID/GID, then is the above wiki article correct or
do I need to change my config?

Regards,

-- 
Tom			me at tdiehl.org

