I set the Postfix so that my mailboxes (maildir format) for my virtual users are set like this:
    ┌───┐
    │ # │ root > myserver > ~
    └─┬─┘
      └─> ls -l /var/mail/
    total 4
    drwxr-sr-x 5 postfix postfix 4096 Dec 2 12:27 pistam.eu

    ┌───┐
    │ # │ root > myserver > ~
    └─┬─┘
      └─> ls -l /var/mail/domain.eu/
    total 12
    drwx--S--- 5 postfix postfix 4096 Dec 2 12:10 user_1
    drwx--S--- 5 postfix postfix 4096 Dec 1 22:35 user_2

    ┌───┐
    │ # │ root > myserver > ~
    └─┬─┘
      └─> ls -l /var/mail/domain.eu/user_1/
    total 12
    drwx--S--- 2 postfix postfix 4096 Dec 2 12:27 cur
    drwx--S--- 2 postfix postfix 4096 Dec 13 15:17 new
    drwx--S--- 2 postfix postfix 4096 Dec 13 15:17 tmp
Now I am setting up Dovecot server (IMAPS/SASL) and I want to use one system user that will manage all the mailboxes for all the Postfix virtual users. I saw many articles where administrators create user vmail like e.g.:

    # useradd -r -m -d /home/vmail vmail

and they use it as the default Dovecot user by setting these two lines in

    mail_access_groups = vmail
    default_login_user = vmail
But in my case group postfix has "setuid" bit which means that these folders will always be manipulated by user
So what is the point in creating user vmail? Why not just using user postfix for Dovecot to do that instead? Are there any risks doing this? There are also these two users that Dovecot installation procedure created:
    ┌───┐
    │ # │ root > myserver > ~
    └─┬─┘
      └─> cat /etc/passwd | grep dove
    dovecot:x:112:118:Dovecot mail server,,,:/usr/lib/dovecot:/usr/sbin/nologin
    dovenull:x:113:119:Dovecot login user,,,:/nonexistent:/usr/sbin/nologin
Why not use one of those? There are also these two hints in the configuration file
    # Login user is internally used by login processes. This is the most untrusted
    # user in Dovecot system. It shouldn't have access to anything at all.
    #default_login_user = dovenull

    # Internal user is used by unprivileged processes. It should be separate from
    # login user, so that login processes can't disturb other processes.
    #default_internal_user = dovecot
It’s the principle of separation of concerns, which here has security benefits.
After you give the responsibility to deliver mail to dovecot, it is no longer the responsibility of postfix, so postfix does not need that access.
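A configuration sketch of the handoff this answer describes, added here as an example and not taken from the original posts: Postfix passes mail to Dovecot over LMTP, and only a dedicated vmail user touches the maildirs. The file names, socket paths, the `%d/%n` layout (chosen to match `/var/mail/domain.eu/user_1` above), the Dovecot 2.3-style syntax and the UID placeholder are assumptions.

```conf
# --- Dovecot: conf.d/10-mail.conf (assumed file name) ---
# All virtual mailboxes are read and written as one dedicated system user.
mail_location = maildir:/var/mail/%d/%n
mail_uid = vmail
mail_gid = vmail
# "useradd -r" usually assigns a low UID; Dovecot refuses UIDs below
# first_valid_uid (default 500), so lower it to vmail's UID and no further.
first_valid_uid = <UID_OF_VMAIL>   # placeholder, take it from "id -u vmail"

# Leave the two defaults quoted in the question untouched:
#   default_login_user    = dovenull  (pre-auth login processes, no file access)
#   default_internal_user = dovecot   (unprivileged internal processes)
# Neither of them should own or be able to read mail.

# --- Dovecot: dovecot.conf (assumed file name) ---
protocols = imap lmtp

# --- Dovecot: conf.d/10-master.conf (assumed file name) ---
service lmtp {
  # Delivery socket inside the Postfix chroot; only postfix may connect.
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth {
  # SASL socket so Postfix can ask Dovecot to authenticate SMTP clients.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# --- Postfix: main.cf ---
# Hand virtual-domain mail to Dovecot instead of writing maildirs directly.
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# --- One-time ownership change (shell, run as root) ---
#   chown -R vmail:vmail /var/mail/domain.eu
#   chmod -R u=rwX,go= /var/mail/domain.eu
```

After this change the postfix user can only write to the LMTP socket, so `ls -l` on the mail tree should show `vmail vmail` and no group or other permission bits.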