On 27.10.2017 12:32, Arkadiusz Miśkiewicz wrote:
> On Friday 27 of October 2017, Aki Tuomi wrote:
>> On 27.10.2017 11:20, Arkadiusz Miśkiewicz wrote:
>>> Hi.
>>>
>>> What's the approach for securely enabling imap hibernation in case when
>>> each user uses different uid and gid?
>>>
>>> Looks like none and 0666 on hibernation and imap master sockets is the
>>> only way?
>>>
>>> Thanks,
>> That's the only way, yes. Hibernation keeps all connections in same
>> process.
> Couldn't dovecot do setgroups(2) to add additional common group to
> imap/hibernation processes and rely on that for access to sockets (sockets
> would be root:thatgroup 0660) thus making it a bit more secure?
>
> Non mail related uids/gids wouldn't have access to sockets that way.
>
>> Aki

It could. But at the moment it's not, pull request to do this is always welcome. It would also need some way to choose correct socket.

Aki
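
The access difference between the two socket setups discussed in this thread, as an added example that is not part of the original messages and is not Dovecot code. It models the kernel's mode-bit check for connect(2) on a UNIX socket; the uids, gids and the gid 2000 standing in for "thatgroup" are constructed sample values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Owner, group and mode of a listener socket, as stat(2) reports them. */
struct sock_perm { uid_t uid; gid_t gid; mode_t mode; };
/* Credentials of a connecting process; groups[] is what setgroups(2) set. */
struct cred { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; };

static bool in_group(const struct cred *c, gid_t gid)
{
    if (c->gid == gid) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return true;
    return false;
}

/* connect(2) to a UNIX socket needs write permission on the socket file.
 * Only one class is consulted: owner, else group, else other. Search
 * permission on the parent directories is not modelled here. */
bool may_connect(const struct sock_perm *s, const struct cred *c)
{
    if (c->uid == 0) return true;  /* root bypasses the mode bits */
    if (c->uid == s->uid) return (s->mode & S_IWUSR) != 0;
    if (in_group(c, s->gid)) return (s->mode & S_IWGRP) != 0;
    return (s->mode & S_IWOTH) != 0;
}

/* Constructed sample values: gid 2000 stands in for "thatgroup". */
static const gid_t extra[] = { 2000 };
static const struct sock_perm SOCK_0666 = { 0, 0, 0666 };
static const struct sock_perm SOCK_0660 = { 0, 2000, 0660 };
static const struct cred MAIL_PLAIN = { 5001, 5001, NULL, 0 };
static const struct cred MAIL_EXTRA = { 5001, 5001, extra, 1 };
static const struct cred UNRELATED = { 1000, 1000, NULL, 0 };

int main(void)
{
    printf("0666 unrelated uid: %d\n", may_connect(&SOCK_0666, &UNRELATED));
    printf("0660 unrelated uid: %d\n", may_connect(&SOCK_0660, &UNRELATED));
    printf("0660 mail uid, no extra group: %d\n", may_connect(&SOCK_0660, &MAIL_PLAIN));
    printf("0660 mail uid + extra group: %d\n", may_connect(&SOCK_0660, &MAIL_EXTRA));
    return 0;
}
```

With mode 0666 every local uid passes the check; with root:thatgroup 0660 only processes that carry the shared supplementary group do.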