Hello,
we're using vmm? to manage our postfix+dovecot virtual mail setup,
which allows us to give every virtual user a separate EUID and every
domain a separate EGID for additional security (vs. handling all
virtual mail with a single "vmail" user).
As a consequence, however, vmm must itself create the user
directories with the appropriate owners, and to do so, it requires
root rights.
I am trying to investigate getting rid of this need?. Since Dovecot
quite happily creates ~/Maildir when necessary, couldn't it also
create parents? The home directory should be trivial (same
EUID/EGID), but grandparents etc. might need a different policy
(e.g. 0/EGID for the grandparent, 0/0 for great-grandparents, etc.).
Is this something that could fall within the realm of Dovecot's
lmtp? Or is the lmtp invoked as the user and doesn't actually drop
root? If so, might there be another way?
?) http://vmm.localdomain.org/?
?) Hallo Pascal
?) http://bugs.debian.org/804382
Thanks,
--
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
"perfection is achieved, not when there is nothing more to add, but
when there is nothing left to take away."
-- antoine de saint-exup?ry
spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1107 bytes
Desc: Digital signature (see
http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20151126/c8243c83/attachment.sig>