Hi, I have one more question. It may sound like a dumb question but I'll ask anyway :). Since in Dovecot v2.0, LMTP is running as "root" isn't this a security risk of the same level as running "deliver" with sudo in Dovecot v1.2?
Thank you, Buzai Andras On Mon, Jul 12, 2010 at 5:35 PM, Timo Sirainen <[email protected]> wrote: > On Mon, 2010-07-12 at 00:09 +0300, Buzai Andras wrote: > > > dovecot unix - n n - - pipe > > flags=DRhu user=*mysudoeruser* argv=/usr/bin/sudo > /usr/lib/dovecot/deliver > > -f ${sender} -d ${recipient} > > > > When you say that: > > * > > "Basically the user that calls deliver via sudo has the ability to gain > > root privileges (e.g. by telling deliver to > > load a plugin that execs a shell)."*, > > > > do you refer to the postfix user or to the user specified in the > master.cffile ( > > *mysudoeruser* in my case)? > > mysudoeruser (that's who you gave sudo access, right?) > > > In my configuration the user "mysudoeruser" is a dedicated user only for > > this action and it is not allowed to login, etc ... > > > > So basically for somebody to gain root access it should compromise the > > "mysudoeruser" dedicated user, right? > > Yeah. > > > Would you use this setup in a production environment? :) > > I guess it's not too bad. But I'd switch to LMTP once you've upgraded to > Dovecot v2.0. > >
