On 6.8.2019 4.20, Tom Diehl via dovecot wrote:
> On Thu, 1 Aug 2019, Timo Sirainen via dovecot wrote:
>
>> On 31 Jul 2019, at 20.45, A. Schulze via dovecot
>> <dovecot@dovecot.org> wrote:
>>>
>>> On 31.07.19 at 08:27, Sami Ketola via dovecot wrote:
>>>> service lmtp {
>>>>   user = vmail
>>>> }
>>>>
>>>> please remove user = vmail from here or change it to root.
>>>>
>>>> for security reasons lmtp service must be started as root since
>>>> version 2.2.36. lmtp will drop root privileges after initialization
>>>> but it needs to open /self/proc/io as root before that.
>>>
>>> Hello Sami,
>>>
>>> I don't read "root is required for lmtp" in
>>> https://wiki.dovecot.org/LMTP#Security neither does
>>> https://dovecot.org/doc/NEWS-2.2 say so.
>>> Could you prove that statement somehow?
>>
>> Alternative is:
>>
>> service lmtp {
>>   user = vmail
>>   drop_priv_before_exec = yes
>> }
>>
>> I'm not sure if you run into other problems with that.
>
> OK, so now I am confused. At https://wiki.dovecot.org/LMTP#Security it
> says
> "If you're using only a single global UID/GID, you can improve
> security by
> running lmtp processes as that user"
>
> So, if I am using a single UID/GID, then is the above wiki article
> correct or
> do I need to change my config?
>
> Regards,
>

This file is used for stats gathering, so if you are not using stats, it's not a huge problem. You can probably also use

import_environment = PR_SET_DUMPABLE=1

to get rid of the warning. Although this makes your process less secure as it can be ptrace'd.

Aki
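The trade-off Aki describes above (the dumpable flag decides whether an unprivileged process can read its own /proc/self/io, and the same flag is what lets another process of the same user ptrace it) can be observed directly on Linux. The following is an added example, not Dovecot code and not part of the thread: it parses the rchar/wchar fields of a constructed /proc/<pid>/io sample, then toggles PR_SET_DUMPABLE on itself and checks whether /proc/self/io can be opened. It assumes a Linux kernel with task I/O accounting (otherwise the open fails with ENOENT) and an unprivileged caller; as root the open succeeds regardless of the flag.

```c
/* Added example (not Dovecot's code): what the dumpable flag controls.
 * After a process changes credentials (e.g. root -> vmail) the kernel clears
 * its dumpable flag; /proc/self/io is then presented as owned by root with
 * mode 0400, so an unprivileged open() fails with EACCES. PR_SET_DUMPABLE=1
 * restores access, but also makes the process ptrace-able and core-dumpable.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Constructed sample of /proc/<pid>/io contents (not captured from a real host). */
static const char SAMPLE_IO[] =
    "rchar: 3295\n"
    "wchar: 0\n"
    "syscr: 8\n"
    "syscw: 0\n"
    "read_bytes: 0\n"
    "write_bytes: 0\n"
    "cancelled_write_bytes: 0\n";

/* Parse the "rchar:" and "wchar:" lines of /proc/<pid>/io.
 * Returns 0 on success, -1 if either field is missing. */
int parse_proc_io(const char *text, unsigned long long *rchar,
                  unsigned long long *wchar)
{
    int found = 0;
    const char *p = text;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, "rchar:", 6) == 0) {
            *rchar = strtoull(p + 6, NULL, 10);
            found |= 1;
        } else if (strncmp(p, "wchar:", 6) == 0) {
            *wchar = strtoull(p + 6, NULL, 10);
            found |= 2;
        }
        p = strchr(p, '\n');
        if (p != NULL)
            p++;
    }
    return found == 3 ? 0 : -1;
}

int get_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Set the dumpable flag and return its new value, or -1 on error. */
int set_dumpable(int value)
{
    if (prctl(PR_SET_DUMPABLE, value, 0, 0, 0) != 0)
        return -1;
    return get_dumpable();
}

/* Try to read and parse /proc/self/io. Returns 1 on success, 0 otherwise;
 * errno then says why (EACCES: non-dumpable unprivileged process,
 * ENOENT: kernel without task I/O accounting). */
int proc_self_io_readable(unsigned long long *rchar, unsigned long long *wchar)
{
    char buf[512];
    FILE *f = fopen("/proc/self/io", "r");
    if (f == NULL)
        return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_proc_io(buf, rchar, wchar) == 0;
}

int main(void)
{
    unsigned long long r = 0, w = 0;

    set_dumpable(0);                      /* state after a root -> vmail setuid */
    int ok = proc_self_io_readable(&r, &w);
    int err = errno;
    printf("dumpable=0 euid=%u: /proc/self/io readable=%d%s%s\n",
           (unsigned)geteuid(), ok, ok ? "" : " error=", ok ? "" : strerror(err));

    set_dumpable(1);                      /* effect of PR_SET_DUMPABLE=1 */
    ok = proc_self_io_readable(&r, &w);
    printf("dumpable=1 euid=%u: /proc/self/io readable=%d rchar=%llu wchar=%llu\n",
           (unsigned)geteuid(), ok, r, w);
    return 0;
}
```

Run it as an ordinary user to see the first open fail with EACCES and the second succeed; the second state is also the one in which any other process running as that user may attach with ptrace, which is the cost Aki points out. Leaving the flag off and letting the master drop privileges first (drop_priv_before_exec = yes) avoids both the warning and the exposure.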