Dovecot as LDA from within exim -- config permissions.
Andreas Metzler
ametzler at downhill.at.eu.org
Sun Apr 27 08:43:11 UTC 2008
On 2008-04-27 Andreas Metzler <ametzler at downhill.at.eu.org> wrote:
> On 2008-04-27 Fabio Tranchitella <kobold at kobold.it> wrote:
> > * 2008-04-27 09:03, Andreas Metzler wrote:
> > > Hello,
> > > is there a reason why dovecot.conf is not 0644 root:root like any other
> > > configuration file? It does not contain passwords usually.
[...]
> It *already* is shipped 0644 in sid:
[...]
> It might not be intentional, though. Quoting dovecot-common.postinst:
> ------------------------------
> if [ "$1" = "configure" ]; then
> for conffile in dovecot.conf dovecot-ldap.conf dovecot-sql.conf ; do
> [...]
> if [ "$conffile" != "dovecot.conf" ] && [ -f "$conffile" ]; then
> chmod 0600 /etc/dovecot/$conffile
> fi
> done
> -----------------------------
I see why this is a noop-code. [ -f "$conffile" ] is false, unless
you run the code in /etc/dovecot. The code probably (tries to)
makes -ldap and sql 0600 since the LDAP/SQL access passwords might be
set in the file.
I also think you'll need to be more careful to make sure the file is
never 0644, when ucf plays with it, see e.g. the copy of the file in
/var/lib/ucf/cache.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
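
The no-op described in this message, reproduced as an added example that is not part of the original post or of the Debian package: a temporary directory stands in for /etc/dovecot, and `chmod_absolute` is a hypothetical fix, not the maintainers' patch.

```shell
#!/bin/sh
# Constructed demo: a temp directory stands in for /etc/dovecot.

# Logic as quoted from the postinst: the -f test uses a bare filename,
# so it is resolved against the current working directory.
chmod_relative() {
    confdir=$1
    for conffile in dovecot.conf dovecot-ldap.conf dovecot-sql.conf; do
        if [ "$conffile" != "dovecot.conf" ] && [ -f "$conffile" ]; then
            chmod 0600 "$confdir/$conffile"
        fi
    done
}

# Hypothetical fix: test the same absolute path that chmod acts on.
chmod_absolute() {
    confdir=$1
    for conffile in dovecot-ldap.conf dovecot-sql.conf; do
        if [ -f "$confdir/$conffile" ]; then
            chmod 0600 "$confdir/$conffile"
        fi
    done
}

# Print the octal mode of a file (GNU stat, with BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build the sandbox, run one of the functions from "/" and report the
# modes of dovecot.conf, dovecot-ldap.conf and dovecot-sql.conf.
run_demo() {
    fn=$1
    sandbox=$(mktemp -d)
    for f in dovecot.conf dovecot-ldap.conf dovecot-sql.conf; do
        : > "$sandbox/$f"
        chmod 0644 "$sandbox/$f"
    done
    (cd / && "$fn" "$sandbox")
    echo "$(mode_of "$sandbox/dovecot.conf") $(mode_of "$sandbox/dovecot-ldap.conf") $(mode_of "$sandbox/dovecot-sql.conf")"
    rm -rf "$sandbox"
}

echo "relative test: $(run_demo chmod_relative)"
echo "absolute test: $(run_demo chmod_absolute)"
```
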