Hi,

I have a little problem with defining the right permissions for dovecot.conf. The main problem is that the password for SSL certificates is stored there and the conf file is world readable by default, which creates a security problem [1]. It is not a problem to restrict the permissions to 0600, dovecot will still work, but then deliver cannot work as it reads the conf too, but it runs under an arbitrary user. So my last iteration is 0640 as permission and root:mail as ownership, but that expects that deliver is run with group = mail. For the long-term solution I would prefer to move the password into a separate config file so the permissions can be properly restricted there. What are your opinions?

With regards,
Dan

[1] https://bugzilla.redhat.com/show_bug.cgi?id=436287

--
Fedora and Red Hat package maintainer

on 7-24-2008 1:18 AM Dan Horák spake the following:
> Hi,
>
> I have a little problem with defining the right permissions for
> dovecot.conf. The main problem is that the password for SSL certificates
> is stored there and the conf file is world readable by default, which
> makes a security problem [1]. It is not a problem to restrict the
> permissions to 0600, dovecot will still work, but then deliver cannot
> work as it reads the conf too, but it runs under arbitrary user. So my
> last iteration is 0640 as permission and root:mail as ownership, but
> that expects that deliver is run with group = mail. For the long term
> solution I would prefer to move the password into a separate config file
> so the permissions can be properly restricted there. What are your
> opinions?
>
>
> With regards,
> Dan
>
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=436287

You can always have no passwords on ssl certs. Probably just as secure as a world readable password.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

On Thu, 2008-07-24 at 10:18 +0200, Dan Horák wrote:
> Hi,
>
> I have a little problem with defining the right permissions for
> dovecot.conf. The main problem is that the password for SSL certificates
> is stored there and the conf file is world readable by default, which
> makes a security problem [1]. It is not a problem to restrict the
> permissions to 0600, dovecot will still work, but then deliver cannot
> work as it reads the conf too, but it runs under arbitrary user. So my
> last iteration is 0640 as permission and root:mail as ownership, but
> that expects that deliver is run with group = mail. For the long term
> solution I would prefer to move the password into a separate config file
> so the permissions can be properly restricted there. What are your
> opinions?

Config file including will be supported some day. Also you could start Dovecot with -p parameter and specify the password there.
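
The permission trade-off raised in the first message (0644 exposes the password, 0600 locks out deliver, 0640 with root:mail works only when deliver runs with group mail), modelled as an added example that is not part of any post in this thread. It assumes the password sits in Dovecot's `ssl_key_password` setting; `can_read`, `audit_conf`, the sample config and the uid/gid values are constructed for illustration, and the check covers plain mode bits only (no ACLs).

```python
import os
import stat
import tempfile

SAMPLE = "protocols = imap\nssl_key_password = placeholder-not-a-secret\n"  # constructed

def can_read(mode, f_uid, f_gid, uid, gids):
    """Classic owner/group/other read check (mode bits only, no ACLs)."""
    if uid == 0:
        return True  # root bypasses mode bits
    if uid == f_uid:
        return bool(mode & stat.S_IRUSR)
    if f_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def audit_conf(path, deliver_uid, deliver_gids):
    """Is the stored password world readable, and can deliver still read the file?"""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    with open(path) as fh:
        has_secret = any(
            line.split("=", 1)[0].strip() == "ssl_key_password"
            for line in fh if "=" in line)
    return {
        "mode": oct(mode),
        "secret_exposed": has_secret and bool(mode & stat.S_IROTH),
        "deliver_can_read": can_read(mode, st.st_uid, st.st_gid, deliver_uid, deliver_gids),
    }

def demo():
    """Audit a temp copy under the three modes discussed in the thread."""
    results = {}
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(SAMPLE)
    try:
        st = os.stat(fh.name)
        uid = st.st_uid + 1000  # hypothetical deliver user, never the owner or root
        for mode in (0o644, 0o600, 0o640):
            os.chmod(fh.name, mode)
            in_grp = audit_conf(fh.name, uid, {st.st_gid})
            no_grp = audit_conf(fh.name, uid, {st.st_gid + 1000})
            results[mode] = (in_grp["secret_exposed"],
                             in_grp["deliver_can_read"], no_grp["deliver_can_read"])
    finally:
        os.unlink(fh.name)
    return results

if __name__ == "__main__":
    print({oct(m): row for m, row in demo().items()})
```

Each result tuple is (password world readable, deliver in the file's group can read, deliver outside that group can read).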