Any thoughts on this:

The primary use for "dovecot" user has been for login processes. But people keep misunderstanding this and try to use dovecot for accessing mails. For years I've been wondering about renaming this user to something else like dovelogin, but it never really seemed practical.

So now with v2.0 there are a bunch of new processes, and for example anvil and dict are now run as dovecot user by default. But it's not really good that login processes can just go and kill those processes. And even worse, if drop_priv_before_exec=yes they could ptrace these processes.

So I think we need two Dovecot users for v2.0:

1. Completely untrusted user for login processes.
2. Slightly more trusted internal Dovecot user.

So "dovecot" could be reused for 2. And it would no longer be a mortal sin to use dovecot user for owning mail files. For 1. there would be a new user. I'd use "dovelogin", but apparently tools still don't much like usernames that are longer than 8 characters. Like ps could show numeric uid instead of 9 character long username. So .. any suggestions? "dovlogin" could be one possibility I guess. It would be nice if the name somehow reminded of login processes, but maybe something else could be used too, like: dovenil, dovenull, dovezero, dovenone, dovevoid, doveint, dovedown, dovein, dove0
On 23.01.10 13:51, Timo Sirainen wrote:
> 1. Completely untrusted user for login processes.
> 2. Slightly more trusted internal Dovecot user.
>
> So "dovecot" could be reused for 2. And it would no longer be a mortal
> sin to use dovecot user for owning mail files. For 1. there would be a
> new user. I'd use "dovelogin", but apparently tools still don't much
> like usernames that are longer than 8 characters.

You could use "dovecotl" (lower-case "l" as the eighth character) which has a nice Aztec ring. ;-)

Seriously, I'd suggest you make both users configurable, either by providing a compile time option for "configure" or by adding runtime options to dovecot.conf. That would allow each administrator to choose users according to local regulations.

-Ralph
Well, I don't know how you feel about it, but you could always go with something similar to what courier does and call it "doveauth" while keeping the real "dovecot" user for the rest of the processes. It's eight characters, reminds you of the login process, and very easy to understand for anyone who sees it for the first time.

/my two cents...

> So "dovecot" could be reused for 2. And it would no longer be a mortal
> sin to use dovecot user for owning mail files. For 1. there would be a
> new user. I'd use "dovelogin", but apparently tools still don't much
> like usernames that are longer than 8 characters. Like ps could show
> numeric uid instead of 9 character long username. So .. any suggestions?
> "dovlogin" could be one possibility I guess. It would be nice if the
> name somehow reminded of login processes, but maybe something else could
> be used too, like: dovenil, dovenull, dovezero, dovenone, dovevoid,
> doveint, dovedown, dovein, dove0
>
I think the next v2.0 release (rc1?) will include the new changed default_login_user. I'm still not completely sure what it is though. Two more ideas:

"dovenest" (by Pascal Volk) - although reminds me a bit too much of lovenest :)

"dovehole" - you go inside dovecot via a hole, right?

On Sat, 2010-01-23 at 14:51 +0200, Timo Sirainen wrote:
> Any thoughts on this:
>
> The primary use for "dovecot" user has been for login processes. But
> people keep misunderstanding this and try to use dovecot for accessing
> mails. For years I've been wondering about renaming this user to
> something else like dovelogin, but it never really seemed practical.
>
> So now with v2.0 there are a bunch of new processes, and for example
> anvil and dict are now run as dovecot user by default. But it's not
> really good that login processes can just go and kill those processes.
> And even worse, if drop_priv_before_exec=yes they could ptrace these
> processes.
>
> So I think we need two Dovecot users for v2.0:
>
> 1. Completely untrusted user for login processes.
> 2. Slightly more trusted internal Dovecot user.
>
> So "dovecot" could be reused for 2. And it would no longer be a mortal
> sin to use dovecot user for owning mail files. For 1. there would be a
> new user. I'd use "dovelogin", but apparently tools still don't much
> like usernames that are longer than 8 characters. Like ps could show
> numeric uid instead of 9 character long username. So .. any suggestions?
> "dovlogin" could be one possibility I guess. It would be nice if the
> name somehow reminded of login processes, but maybe something else could
> be used too, like: dovenil, dovenull, dovezero, dovenone, dovevoid,
> doveint, dovedown, dovein, dove0
Timo Sirainen put forth on 3/25/2010 1:30 PM:
> I think the next v2.0 release (rc1?) will include the new changed
> default_login_user. I'm still not completely sure what it is though. Two
> more ideas:
>
> "dovenest" (by Pascal Volk) - although reminds me a bit too much of
> lovenest :)
>
> "dovehole" - you go inside dovecot via a hole, right?

That is downright pornographic. "dovehole" - "lovehole"? "dovenest" isn't totally horrible (close), but "dovehole" is ... just not right at all.

--
Stan
Timo Sirainen put forth on 3/27/2010 2:18 AM:
> On Sat, 2010-03-27 at 02:10 -0500, Stan Hoeppner wrote:
>>> Maybe the native English speakers (and I'd think only a subset of them too). I had never heard of dovetail.
>>
>> I'm guessing that's because you're not a woodworker, or know any. ;) It's a
>> great hobby if you ever found the spare time.
>
> Sure. But we're talking about UNIX admin kind people here. Somehow I
> doubt they spent much attention to woodworking classes at school (we
> actually had such classes, and I might know the Finnish word for
> dovetail if someone told me it, but I doubt it's common knowledge in
> either language).

Probably depends on what city/state/province/country as well. I'm in the midwest USA, and a lot of people in general, sysadmins or not, are DIY type folks. You grow up on a farm or in a small town and learn a whole lot of non computer stuff (including basic woodworking) before going to college and then to the big city for the sysadmin job. Then you visit mom/dad on the weekends, and they have you rebuild the kitchen and bathroom. Then you decide to rebuild your own kitchen and bathroom. And then your neighbors find out you know how to do that kind of work and ... you lose a few more weekends. :(

>>> I want something that's at least potentially understandable to people who understand English (and not just native speakers). I wouldn't know why some process is owned by user "dovel". That might not even make me realize it's a Dovecot process.
>>
>> How about "pigeon"? Dovecots house two kinds of birds, doves, and, far more
>> often, pigeons. So, pigeon should be the new user name. No one knows what
>> the heck a "dovecot" is until they look it up anyway (at least non Scots),
>> so using "pigeon" is in keeping with naming your server Dovecot. There.
>> Now that that's settled...
>
> But Dovecot is the name of the software, and admins know that, even if
> they have no clue what it means. dove* as the username makes them think
> of Dovecot regardless.

You think anyone is going to add the user "pigeon" to any groups? I'm thinking that, as with "dovenull", that most would avoid touching "pigeon" at all costs. Then again, some may think their system was hacked, and want to remove the user "pigeon" lol. If your main goal is getting people to leave that user alone, I think pigeon would definitely fit the bill. And it adds a bit of humor to the mix since pigeons tend to crap all over everything. ;)

>> dovecot dove-main
>> dovecot-auth dove-auth
>> imap-login dove-imaplgn
>> pop3-login dove-poplgn
>> imap dove-imap
>> pop3 dove-pop3
>>
>> Just a thought. But a nice thought at that. :)
>
> But you're talking about process names, right? That's already changed in
> v2.0. You have one "dovecot" process and everything else is "dovecot/*".
> For example:
>
> root 1840 0.0 0.0 43140 1328 pts/0 S+ 05:02 0:00 /usr/local/sbin/dovecot -F
> dovecot 1841 0.0 0.0 30568 976 pts/0 S+ 05:02 0:00 dovecot/anvil
> root 1842 0.0 0.0 30676 1120 pts/0 S+ 05:02 0:00 dovecot/log
> root 2500 0.0 0.1 38524 2760 pts/0 S+ 08:59 0:00 dovecot/lmtp
> root 2501 0.0 0.2 37684 4372 pts/0 S+ 08:59 0:00 dovecot/config
> dovecot 2502 0.0 0.1 68500 3112 pts/0 S+ 08:59 0:00 dovecot/auth

Ahh, sw333t! I haven't played with 2.0 yet so I hadn't seen this yet. That's precisely the kinda thing I had in mind. See? Great minds think alike. (most of the time anyway) ;)

--
Stan
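Timo's concern in the opening post (login processes sharing the dovecot user with anvil, dict and auth, so that they can signal or ptrace them) and the v2.0 ps listing quoted above can be turned into a quick defender's check. This is an added example, not Dovecot's own code: it parses `ps aux` output and reports any UNIX user that owns both a `*-login` process and an internal Dovecot process. The INTERNAL set and the two login lines in the sample are assumptions constructed here; "dovenull" is just one of the candidate names from the thread.

```python
# Added example (not Dovecot code): flag Dovecot login processes that share
# a UNIX user with internal Dovecot processes (anvil, dict, auth, ...).
from collections import defaultdict

# Internal helpers named in the thread (anvil, dict) plus the other
# non-login "dovecot/*" processes visible in the v2.0 ps listing (assumed).
INTERNAL = {"anvil", "dict", "auth", "config", "log", "lmtp"}

def classify(command):
    """Map a ps COMMAND column to (kind, basename), kind being 'login',
    'internal' or None.  Handles 'dovecot/imap-login' and bare 'imap-login'."""
    base = command.split()[0].rsplit("/", 1)[-1]
    if base.endswith("-login"):
        return "login", base
    if base in INTERNAL:
        return "internal", base
    return None, base

def shared_login_users(ps_lines):
    """Return {user: sorted internal process names} for every user that
    owns at least one login process *and* one internal process."""
    by_user = defaultdict(lambda: {"login": set(), "internal": set()})
    for line in ps_lines:
        fields = line.split(None, 10)       # the 11 columns of 'ps aux'
        if len(fields) < 11 or fields[0] == "USER":
            continue                        # header or truncated line
        kind, base = classify(fields[10])
        if kind:
            by_user[fields[0]][kind].add(base)
    return {u: sorted(k["internal"]) for u, k in by_user.items()
            if k["login"] and k["internal"]}

# Constructed sample: the v2.0 listing quoted in the thread, plus two
# login processes invented here so that the check has something to report.
SAMPLE_PS = """\
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1840 0.0 0.0 43140 1328 pts/0 S+ 05:02 0:00 /usr/local/sbin/dovecot -F
dovecot 1841 0.0 0.0 30568 976 pts/0 S+ 05:02 0:00 dovecot/anvil
root 1842 0.0 0.0 30676 1120 pts/0 S+ 05:02 0:00 dovecot/log
root 2500 0.0 0.1 38524 2760 pts/0 S+ 08:59 0:00 dovecot/lmtp
root 2501 0.0 0.2 37684 4372 pts/0 S+ 08:59 0:00 dovecot/config
dovecot 2502 0.0 0.1 68500 3112 pts/0 S+ 08:59 0:00 dovecot/auth
dovecot 2510 0.0 0.1 40000 2000 pts/0 S+ 08:59 0:00 dovecot/imap-login
dovenull 2511 0.0 0.1 40000 2000 pts/0 S+ 08:59 0:00 dovecot/pop3-login
""".splitlines()

if __name__ == "__main__":
    for user, procs in shared_login_users(SAMPLE_PS).items():
        print(f"user {user!r} runs login processes and {', '.join(procs)}")
```

On a live host, feed it `subprocess.check_output(["ps", "aux"], text=True).splitlines()` instead of SAMPLE_PS; an empty result means the login user is separate from the internal one, as the thread proposes.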
On 25.03.2010 19:30, Timo Sirainen wrote:
> I think the next v2.0 release (rc1?) will include the new changed
> default_login_user. I'm still not completely sure what it is though. Two
> more ideas:
>
> "dovenest" (by Pascal Volk) - although reminds me a bit too much of
> lovenest :)
>

What about dovedevil and doveangel. Sorry just kidding
On Mar 27, 2010, at 3:59 AM, Timo Sirainen wrote:
> On 27.3.2010, at 12.32, Patrick Wallura wrote:
>
>> What about dovedevil and doveangel. Sorry just kidding
>
> Even if not, the problem with those is that the name is longer than
> 8 characters, which makes them not show up in all ps outputs.

doveun or doveup

dovecot unprivileged

// Brad