Whats the easy'est way to mod the source to allow the statis uid and or gid or of the users be root ? PS. I do wish this was an admin set-able option in the dovecot.conf -- Chris L. Franklin --
Chris L. Franklin wrote:> Whats the easy'est way to mod the source to allow the statis uid and or > gid or of the users be root ? > > PS. I do wish this was an admin set-able option in the dovecot.confI thought the only thing stopping this (apart from good sense) is the minimum UID setting in the config file? Honestly, why do you want it to be root? It's NOT a good idea, even though Dovecot has so far shown to be very secure. -- Curtis
Chris L. Franklin wrote:>> Honestly, why do you want it to be root? It's NOT a good idea, even >> though Dovecot has so far shown to be very secure. > > > I disagree, stronglyTo which statement? That using root is not a good idea, or that Dovecot has shown to be secure?>> I thought the only thing stopping this (apart from good sense) is the >> minimum UID setting in the config file? > > Nope it's in the source to disallow itOh, ok. Well, I'm not surprised. It's generally considered a bad practice.> PS. On the good sense part, It's way I use SELinux. I could just hand > out root's login on my box and not worry. >From what I understand, SELinux is a special case. What I've been told of it, it's an interesting idea, with much merit. I don't know enough to say either way. Maybe I'll take a closer look after I've finished delving into Sun's RBAC. As for the code changes, from memory the UID checking stuff is all in the one place ( in 0.99.14 it seems to be src/lib/restrict-access.c ). I'm not sure about 1.0... we'll move to that when we can have custom flags :) -- Curtis
On Wed, 27 Apr 2005, Chris L. Franklin wrote:> Whats the easy'est way to mod the source to allow the statis uid and or gid > or of the users be root ? > > PS. I do wish this was an admin set-able option in the dovecot.confIt's better to forward roots mail to another account. You really shouldn't do anything as root unless you have to. You can change this in the source, but I think it's a good idea to hard code it so that you can't log in as root. It's easy enough to redirect roots email. Todd