[Dovecot] dovecot.conf permissions
Dan Horák
dan at danny.cz
Thu Jul 24 11:18:33 EEST 2008
Hi,
I have a little problem with defining the right permissions for
dovecot.conf. The main problem is that the password for SSL certificates
is stored there and the conf file is world readable by default, which
makes a security problem [1]. It is not a problem to restrict the
permissions to 0600, dovecot will still work, but then deliver cannot
work as it reads the conf too, but it runs under arbitrary user. So my
last iteration is 0640 as permission and root:mail as ownership, but
that expects that deliver is run with group = mail. For the long term
solution I would prefer to move the password into a separate config file
so the permissions can be properly restricted there. What are your
opinions?
With regards,
Dan
[1] https://bugzilla.redhat.com/show_bug.cgi?id=436287
--
Fedora and Red Hat package maintainer
More information about the dovecot
mailing list