[Dovecot] Root uid
Curtis Maloney
cmaloney at cardgate.net
Thu Apr 28 04:23:47 EEST 2005
Chris L. Franklin wrote:
>> Honestly, why do you want it to be root? It's NOT a good idea, even
>> though Dovecot has so far shown to be very secure.
>
>
> I disagree, strongly
To which statement? That using root is not a good idea, or that Dovecot has
shown to be secure?
>> I thought the only thing stopping this (apart from good sense) is the
>> minimum UID setting in the config file?
>
> Nope it's in the source to disallow it
Oh, ok. Well, I'm not surprised. It's generally considered a bad practice.
> PS. On the good sense part, It's way I use SELinux. I could just hand
> out root's login on my box and not worry.
>
From what I understand, SELinux is a special case. What I've been told of it,
it's an interesting idea, with much merit. I don't know enough to say either
way. Maybe I'll take a closer look after I've finished delving into Sun's RBAC.
As for the code changes, from memory the UID checking stuff is all in the one
place ( in 0.99.14 it seems to be src/lib/restrict-access.c ). I'm not sure
about 1.0... we'll move to that when we can have custom flags :)
--
Curtis
More information about the dovecot
mailing list