Yes, I have read them. I understood there was a problem with authdb=0777, even though the written instructions in the config file actually recommend setting 0777 if you want free userdb lookups:

"
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
"

But I did remove authdb=0777 and put it back to 0666, since the setuid works.
I did setuid dovecot-lda to root, and then removed execute permissions from everyone, according to the instructions on this page:
https://doc.dovecot.org/main/howto/lda.html#multiple-uids

Then I set apache2 to run as group dovecot.
It isn't really a big security problem anymore. Apache2 can access all dovecot resources, nothing more.

-----Original message-----
From: Benny Pedersen via dovecot <[email protected]>
Sent: 31 October 2024 20:43
To: [email protected]
Subject: Re: Sv: Sv: dovecot-lda from www-data - doesnt work

Sebastian Nielsen via dovecot wrote on 2024-10-31 19:55:

> Now it FINALLY works!

read other mails on maillist, if you believe it's good, then you don't know security at all

_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

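An added example, not part of the original message or of Dovecot: a small audit of the two settings discussed in this thread, the setuid-root dovecot-lda binary and the userdb socket mode. The function names, the finding strings, and the gid value 120 used for the dovecot group are assumptions made for illustration.

```python
import os
import stat


def audit_setuid_helper(mode, uid, gid, trusted_gid):
    """Return findings for a setuid-root helper, given its stat fields."""
    findings = []
    if uid != 0:
        findings.append("owner is not root")
    if not mode & stat.S_ISUID:
        findings.append("setuid bit is not set")
    if mode & stat.S_IXOTH:
        # The message above removes execute permission from everyone.
        findings.append("executable by everyone")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if mode & stat.S_IXGRP and gid != trusted_gid:
        findings.append("group-executable by an unexpected group")
    return findings


def userdb_socket_scope(mode):
    """Classify a userdb socket mode per the quoted config comment."""
    perms = stat.S_IMODE(mode)
    if perms == 0o666:
        # 0666 is the one mode where Dovecot itself restricts lookups.
        return "restricted by Dovecot"
    if perms & stat.S_IWOTH:
        # Any other world-writable mode: the kernel lets every local user in.
        return "full lookups for everyone"
    return "kernel-enforced for owner/group"


def audit_path(path, trusted_gid):
    """Run the setuid audit against a real file on disk."""
    st = os.stat(path)
    return audit_setuid_helper(st.st_mode, st.st_uid, st.st_gid, trusted_gid)


if __name__ == "__main__":
    DOVECOT_GID = 120  # constructed value; look up the real gid locally
    # Constructed stat values: regular file, setuid, root-owned.
    for label, mode, gid in (("4750 root:dovecot", 0o104750, DOVECOT_GID),
                             ("4755 root:root", 0o104755, 0)):
        print(label, audit_setuid_helper(mode, 0, gid, DOVECOT_GID) or "ok")
    for mode in (0o140666, 0o140777, 0o140660):
        print(oct(stat.S_IMODE(mode)), userdb_socket_scope(mode))
```

Every member of the trusted group can run the helper as root, so the audit result says nothing about which processes (here, apache2) belong to that group.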