I think the next v2.0 release (rc1?) will include the new changed default_login_user. I'm still not completely sure what it is though. Two more ideas:
"dovenest" (by Pascal Volk) - although reminds me a bit too much of lovenest :) "dovehole" - you go inside dovecot via a hole, right? On Sat, 2010-01-23 at 14:51 +0200, Timo Sirainen wrote: > Any thoughts on this: > > The primary use for "dovecot" user has been for login processes. But > people keep misunderstanding this and try to use dovecot for accessing > mails. For years I've been wondering about renaming this user to > something else like dovelogin, but it never really seemed practical. > > So now with v2.0 there are a bunch of new processes, and for example > anvil and dict are now run as dovecot user by default. But it's not > really good that login processes can just go and kill those processes. > And even worse, if drop_priv_before_exec=yes they could ptrace these > processes. > > So I think we need two Dovecot users for v2.0: > > 1. Completely untrusted user for login processes. > 2. Slightly more trusted internal Dovecot user. > > So "dovecot" could be reused for 2. And it would no longer be a mortal > sin to use dovecot user for owning mail files. For 1. there would be a > new user. I'd use "dovelogin", but apparently tools still don't much > like usernames that are longer than 8 characters. Like ps could show > numeric uid instead of 9 character long username. So .. any suggestions? > "dovlogin" could be one possibility I guess. It would be nice if the > name somehow reminded of login processes, but maybe something else could > be used too, like: dovenil, dovenull, dovezero, dovenone, dovevoid, > doveint, dovedown, dovein, dove0
signature.asc
Description: This is a digitally signed message part
