On Tue, 20 Sep 2011 02:50:32 +0300, Timo Sirainen wrote:
On 20.9.2011, at 2.22, Linda Walsh wrote:
I can log in via SSH, so why not allow it with secure IMAP? I
suppose
really, if someone wants to run as root with no password dovecot
should be
**configurable** to allow this -- as we can't always understand the
needs
of end users.
Because there's no good reason to read mails as root. If you can give
me a good reason I might reconsider, but I highly doubt that's going
to happen.
Anyway it's mainly about making sure that in the case of some
internal security hole (or misconfiguration) in Dovecot at least that
security hole couldn't be leveraged to gain root privileges that
would
allow reading everyone's mails.
Example. You have a system on which root uid=0 means nothing
(assigns no
privs -- all assigned via privilege/capability bits).
This means dovecot is hardcoded to lock out a user that may have no
privileges, but has no prob permitting access to those with full
Capability/priv sets.
Rare, and in such cases irrelevant.
