Mercurial Mercurial > vmm / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc/web/source/installation/system_preparation.rst
changeset 760 b678a1c43027
parent 748 659c4476c57c
child 761 e4e656f19771 
--- a/doc/web/source/installation/system_preparation.rst	Mon Mar 24 19:22:04 2014 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-==================
-System Preparation
-==================
-.. _doveauth:
-
-We have to create a system user, named `doveauth`.
-The `doveauth` user will execute Dovecot's authentication processes.
-
-We will also create an additional system group, named `dovemail`.
-The GID of the group `dovemail` will be the supplementary GID for all
-mail related Dovecot processes, e.g. the `dict` service for quota limits.
-
-And finally we will create the ``base_directory``, with it's subdirectories.
-It is the location for all domain directories and the virtual user's home
-directories.
-
-The example below shows the steps executed on a Debian GNU/Linux system.
-
-.. code-block:: console
-
- root@host:~# adduser --system --home /nonexistent --no-create-home --group \
- > --disabled-login --gecos "Dovecot IMAP/POP3 authentication user" doveauth
- root@host:~# addgroup --system dovemail
- root@host:~# mkdir /srv/mail
- root@host:~# cd /srv/mail
- root@host:/srv/mail# mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
- root@host:/srv/mail# chmod 771 /srv/mail
- root@host:/srv/mail# chmod 751 /srv/mail/*
-
-.. _root-setuid-copy-of-deliver:
-
-root SETUID copy of deliver
----------------------------
-.. note:: This step is only necessary if you are still using Dovecot v\ **1**.x
-
-For security reasons the permissions in the domain/user directories will
-be very restricted.
-Each user will get its own unique UID_ and the GID_ from the domain.
-So it will be only possible for a user of the domain to access the domain
-directory (read only) and the user will get granted read write access only
-for its home directory.
-
-For this reason it is necessary to provide a setuid_-root copy of Dovecot's
-LDA_ (:command:`deliver`) for Postfix.
-Because Postfix will refuse to execute commands with root privileges, or
-with the privileges of the mail system owner (normally `postfix`) you should
-`nobody` let do the job.
-Therefore the permissions will be set very restrictive again.
-Only `nobody` will be able to execute the setuid-root copy of
-:command:`deliver`.
-
-.. code-block:: console
-
- root@host:~# mkdir -p /usr/local/lib/dovecot
- root@host:~# chmod 700 /usr/local/lib/dovecot
- root@host:~# chown nobody /usr/local/lib/dovecot
- root@host:~# cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
- root@host:~# chown root:`id -g nobody` /usr/local/lib/dovecot/deliver
- root@host:~# chmod u+s,o-rwx /usr/local/lib/dovecot/deliver
-
-.. include:: ../ext_references.rst
vmm

Repositories index