# HG changeset patch
# User Pascal Volk <user@localhost.localdomain.org>
# Date 1340832996 0
# Node ID 55148bc6348ef21432a2124c0554072523760edd
# Parent  b17a9d7a59aedea37f219d30fc54ccfb5e5ca3ce
INSTALL: Added description how to create additional dove* user/group.
`doveauth' user and group for the authentication process and the group
`dovemail' for mail related Dovecot processes.

diff -r b17a9d7a59ae -r 55148bc6348e Configure.Dovecot_2
--- a/Configure.Dovecot_2	Wed Jun 27 20:20:00 2012 +0000
+++ b/Configure.Dovecot_2	Wed Jun 27 21:36:36 2012 +0000
@@ -41,6 +41,7 @@
 ###
 first_valid_gid = 70000
 first_valid_uid = 70000
+mail_access_groups = dovemail
 mail_location = maildir:~/Maildir
 
 # uncomment if you want to use the quota plugin
@@ -66,7 +67,7 @@
 }
 
 service auth {
-  user = nobody
+  user = doveauth
   unix_listener auth-userdb {
   }
   unix_listener /var/spool/postfix/private/dovecot-auth {
@@ -78,17 +79,17 @@
 
 service auth-worker {
   unix_listener auth-worker {
-    user = nobody
+    user = doveauth
     group = $default_internal_user
     mode = 0660
   }
-  user = nobody
+  user = doveauth
 }
 
 service dict {
   unix_listener dict {
-    # we need mode 0666, because we have a GID/domain and a UID/user
-    mode = 0666
+    group = dovemail
+    mode = 0660
   }
 }
 
diff -r b17a9d7a59ae -r 55148bc6348e INSTALL
--- a/INSTALL	Wed Jun 27 20:20:00 2012 +0000
+++ b/INSTALL	Wed Jun 27 21:36:36 2012 +0000
@@ -23,6 +23,22 @@
 [3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)
 
 
+Create additionally a user and groups for improved security
+  We will create the system user `doveauth'. This user is used in the
+  authentication process. On a Debian GNU/Linux System use this command:
+
+	adduser --system --home /nonexistent --no-create-home --group \
+	--disabled-login --gecos "Dovecot IMAP/POP3 authentication user" \
+	doveauth
+
+  This will create the doveauth user and group.
+  For Dovecot >= 2.0 we create also the group `dovemail'. Dovecot will assign
+  this group to all Dovecot processes.
+  On a Debian GNU/Linux bases system run:
+
+	addgroup --system dovemail
+
+
 Configuring PostgreSQL
 (for more details see: http://vmm.localdomain.org/PreparingPostgreSQL)
 
@@ -96,7 +112,7 @@
       userdb sql {
         args = /etc/dovecot/dovecot-sql.conf
       }
-      user = nobody
+      user = doveauth
       socket listen {
         master {
           path = /var/run/dovecot/auth-master