Arkadiusz Miskiewicz
2011-Jun-02 21:20 UTC
[Dovecot] 2.0: deliver run from multiple uids and configuration files
I'm trying to run deliver from exim transport in a way that it doesn't need to query userdb AND doesn't need to read configuration files.

The problem is that config files are readable for root only and if I run deliver with multiple UIDs then I would have to allow reading config files for everyone. Of course that's not an option because configs contain database passwords and such stuff.

I wonder if it is possible to avoid reading config files by deliver? The only solution I see is to run deliver via sudo which doesn't look nice.

-- 
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/

Timo Sirainen
2011-Jun-03 11:54 UTC
[Dovecot] 2.0: deliver run from multiple uids and configuration files
On Thu, 2011-06-02 at 23:20 +0200, Arkadiusz Miskiewicz wrote:
> I'm trying to run deliver from exim transport in a way that it doesn't need to
> query userdb AND doesn't need to read configuration files.
>
> The problem is that config files are readable for root only and if I run
> deliver with multiple UIDs then I would have to allow reading config files for
> everyone. Of course that's not an option because configs contain database
> passwords and such stuff.

Database passwords should be in the dovecot-sql.conf.ext or something, which LDA (or doveconf, really) doesn't even try to read. If there are other secrets, you could put them to a separate file, which you:

!include_try /etc/dovecot/secrets.conf

LDA will just ignore it.

> I wonder if it is possible to avoid reading config files by deliver?

With -O parameter it doesn't read config, but I don't really recommend that..
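
A check for the split-file layout suggested in the reply above, as an added example that is not part of the original thread or of Dovecot: it walks the `!include` / `!include_try` tree from the main config and reports secret-looking lines that sit in files readable by "other". The `SECRET_RE` heuristic, the function names and the `example_password` setting are assumptions made for illustration.

```python
import glob
import os
import re
import stat
import tempfile
from pathlib import Path

# Heuristic for secret-looking settings (an assumption; extend it for your site).
SECRET_RE = re.compile(r"pass(word)?\s*=|secret", re.IGNORECASE)
INCLUDE_RE = re.compile(r"^\s*!include(_try)?\s+(\S+)")


def exposed_secrets(conf_path, seen=None):
    """List (file, line_no) of secret-looking lines in o+r files of the include tree."""
    seen = set() if seen is None else seen
    conf_path = os.path.abspath(conf_path)
    if conf_path in seen:  # guard against include loops
        return []
    seen.add(conf_path)
    try:
        mode = os.stat(conf_path).st_mode
        lines = Path(conf_path).read_text(errors="replace").splitlines()
    except OSError:
        return []  # missing or unreadable to the auditor: nothing to flag
    findings = []
    for no, line in enumerate(lines, 1):
        text = line.split("#", 1)[0]  # drop trailing comments
        m = INCLUDE_RE.match(text)
        if m:
            # relative include paths resolve against the including file
            pattern = os.path.join(os.path.dirname(conf_path), m.group(2))
            for child in sorted(glob.glob(pattern)):
                findings += exposed_secrets(child, seen)
        elif mode & stat.S_IROTH and SECRET_RE.search(text):
            findings.append((conf_path, no))
    return findings


def demo():
    """Constructed layout: main config 0644, secrets split out at 0600."""
    d = tempfile.mkdtemp()
    main, sec = os.path.join(d, "dovecot.conf"), os.path.join(d, "secrets.conf")
    Path(sec).write_text("example_password = constructed-value\n")  # hypothetical setting
    os.chmod(sec, 0o600)
    Path(main).write_text("protocols = imap\n!include_try secrets.conf\n")
    os.chmod(main, 0o644)
    split_ok = exposed_secrets(main)  # secrets file is not o+r: no findings
    os.chmod(sec, 0o644)  # simulate opening the secrets file to everyone
    return split_ok, exposed_secrets(main), sec
```

Run it as a user that can read the whole config tree (root, for a root-only secrets file); otherwise unreadable includes are skipped rather than inspected.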