On 20.08.2022 at 19:34:03, Jaroslaw Rafa wrote:
> I have one more question regarding this.
>
> My service needs to access the socket /var/run/dovecot/anvil. The problem is
> that this socket (at least on my system) has permissions only for root:
>
> srw------- 1 root root 0 May 22 2020 /var/run/dovecot/anvil
>
> And I don't think it's a good idea to run my service as root. Is it possible
> to add permission to this socket for another user? If yes, what should I
> change in Dovecot config?

Well, documentation is not very clear on this, but by trial and error I was
able to change /var/run/dovecot/anvil socket permissions to:

srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil

by putting the following lines into Dovecot configuration:

    # this is needed for Postfix IMAP-before-SMTP policy service to access anvil
    service anvil {
      unix_listener anvil {
        user = root
        group = dovecot
        mode = 0660
      }
    }

Then my service can run under the user "dovecot" and access anvil.

So I'd like to ask - do I create any security risk by changing the anvil
socket permissions like above and running my service under "dovecot" user?
Or is it better that I create a special user dedicated only for this service
and run the service under that user?
--
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
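
A check related to the question in the message above, as an added example that is not part of the original post or of Dovecot: it audits a UNIX socket's owner, group and mode against the intended values and lists the accounts that hold the group, since a socket with group access is reachable by every one of them. The function names are hypothetical, and the demo runs on a constructed temporary socket rather than the real /var/run/dovecot/anvil.

```python
import grp, os, pwd, socket, stat, tempfile


def audit_socket(path, want_uid, want_gid, want_mode=0o660):
    """Return findings for a UNIX socket; an empty list means it matches."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a socket"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & 0o007:
        findings.append(f"world-accessible: mode {mode:04o}")
    elif mode & ~want_mode:
        findings.append(f"mode {mode:04o} grants more than {want_mode:04o}")
    if st.st_uid != want_uid:
        findings.append(f"owner uid {st.st_uid}, expected {want_uid}")
    if st.st_gid != want_gid:
        findings.append(f"group gid {st.st_gid}, expected {want_gid}")
    return findings


def accounts_with_group(gid):
    """Accounts holding gid as primary or supplementary group."""
    try:
        names = set(grp.getgrgid(gid).gr_mem)
    except KeyError:  # gid has no entry in the group database
        names = set()
    names.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == gid)
    return sorted(names)


if __name__ == "__main__":
    # Constructed demo: a throwaway socket stands in for the anvil socket.
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "anvil")
    srv = socket.socket(socket.AF_UNIX)
    srv.bind(path)
    for mode in (0o660, 0o666):
        os.chmod(path, mode)
        print(f"{mode:04o}:", audit_socket(path, os.getuid(), os.getgid()) or "ok")
    print("accounts in group:", accounts_with_group(os.getgid()))
    srv.close()
    os.remove(path)
    os.rmdir(tmp)
```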