Hi Apollon, On Mon, 26 Nov 2018 12:57:08 +0200, Apollon Oikonomopoulos <apoi...@debian.org> wrote:
> On 11:29 Mon 26 Nov , Marcus Frings wrote: > > But do you think that this is the way to go (to add ordinary users > > to the dovecot group)? > > It all comes down to the following question: do we trust everyone on > the system to submit dovecot stats or not? For some people it might > be okay to just change permissions to 0666. OTOH, upstream seems to > be more conservative about this. > > Regarding the dovecot group, upstream notes the following: > > commit 5cf6951e37bd37bb11b3335a3dbd029065143454 > Author: Timo Sirainen <timo.sirai...@dovecot.fi> > Date: Wed Feb 7 13:03:23 2018 +0200 > > master: Add default_internal_group setting, defaulting to > "dovecot" > It's expected that this is the primary group of the > default_internal_user. > This group will be used to provide access to sockets that are > generally required by all Dovecot processes, but aren't safe enough > to be allowed completely open access from untrusted processes. > > So, it looks like the intention is precisely to allow more > fine-grained access control for certain sockets. Yes, I agree and see your point. Thanks for the additional information by providing the upstream commit notes with respect to this issue. So maybe it's the best solution to add a few lines to README.Debian as you initially suggested. Best regards, Marcus
pgpCl4YtEeUeK.pgp
Description: OpenPGP digital signature