[Dovecot] dovecot.conf permissions

Scott Silva ssilva at sgvwater.com
Thu Jul 24 19:01:05 EEST 2008


on 7-24-2008 1:18 AM Dan Horák spake the following:
> Hi,
> 
> I have a little problem with defining the right permissions for
> dovecot.conf. The main problem is that the password for SSL certificates
> is stored there and the conf file is world readable by default, which
> makes a security problem [1]. It is not a problem to restrict the
> permissions to 0600, dovecot will still work, but then deliver cannot
> work as it reads the conf too, but it runs under arbitrary user. So my
> last iteration is 0640 as permission and root:mail as ownership, but
> that expects that deliver is run with group = mail. For the long term
> solution I would prefer to move the password into a separate config file
> so the permissions can be properly restricted there. What are your
> opinions?
> 
> 
> 	With regards,
> 		Dan
> 
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=436287

You can always have no passwords on ssl certs. Probably just as secure as a 
world readable password.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
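
The permission options weighed in this thread (the world-readable default, 0640 with root:mail, and 0600), as an added example that is not part of either message or of Dovecot itself: a Python check that reports who can read a config file that carries a key password. The `ssl_key_password` setting name and the sample file contents are assumptions constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Assumed setting name; lines commented out with '#' are ignored.
SECRET_RE = re.compile(r"^\s*ssl_key_password\s*=\s*\S", re.MULTILINE)

def audit_conf(path):
    """Return findings for a config file that may hold a key password."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        has_secret = bool(SECRET_RE.search(fh.read()))
    findings = []
    if not has_secret:
        return findings  # no password in the file: readability is not an issue
    if mode & stat.S_IROTH:
        findings.append("world-readable (mode %04o) with key password" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group/other writable (mode %04o)" % mode)
    if mode & stat.S_IRGRP:
        # 0640 root:mail lands here: the exposure is the group's membership
        findings.append("group-readable: members of gid %d can read the password"
                        % st.st_gid)
    return findings

def demo():
    """Audit constructed sample files at the three modes from the thread."""
    sample = "# constructed sample\nssl_key_password = constructed-example\n"
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for mode in (0o644, 0o640, 0o600):
            path = os.path.join(d, "dovecot-%o.conf" % mode)
            with open(path, "w") as fh:
                fh.write(sample)
            os.chmod(path, mode)
            results[mode] = audit_conf(path)
    return results

if __name__ == "__main__":
    for mode, findings in demo().items():
        print("%04o: %s" % (mode, findings or "ok"))
```
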
