Hello, I asked about this a few days ago, but since nobody answered in that thread, I'd like to bring it up again as a separate thread. Maybe somebody answers...
I have written a policy service for Postfix that checks whether the connecting IP address has currently an IMAP session open. For this, it needs to access the socket /var/run/dovecot/anvil. But by default, this socket is accessible only for root, and I obviously DON'T want my service to run as root: srw------- 1 root root 0 May 22 2020 /var/run/dovecot/anvil By modifying Dovecot configuration I was able to chnge the permissions on that socket to: srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil Then my service can run under the user "dovecot" and access the socket. Here's my question: did I create any security risk by changing the socket permissions like above and running my service under "dovecot" user? Or will it be better that I create a special user dedicated only for this service and run the service under that user? -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."