Yes, I have read them. I understood there was a problem with authdb=0777, even though the written instructions in the config file actually recommend setting 0777 if you want free userdb lookups:
"
To give the caller full permissions to lookup all users, set the mode to
something else than 0666 and Dovecot lets the kernel enforce the
permissions (e.g. 0777 allows everyone full permissions).
"
But I did remove authdb=0777 and put it back to 0666, since the setuid works.
I did setuid dovecot-lda to root, and then removed execute permissions from everyone, according to the instructions on this page:
https://doc.dovecot.org/main/howto/lda.html#multiple-uids
Then I set apache2 to run as group dovecot. It isn't really a big security problem anymore.
Apache2 can access all dovecot resources, nothing more.
-----Original message-----
From: Benny Pedersen via dovecot <dovecot@dovecot.org>
Sent: 31 October 2024 20:43
To: dovecot@dovecot.org
Subject: Re: Sv: Sv: dovecot-lda from www-data - doesnt work

Sebastian Nielsen via dovecot wrote on 2024-10-31 19:55:
Now it FINALLY works!
read other mails on maillist, if you believe it's good, then you don't know security at all