INSTALL: Added a description of how to create the additional dove* user/groups:
the `doveauth' user and group for the authentication process, and the group
`dovemail' for mail-related Dovecot processes.
--- a/Configure.Dovecot_2 Wed Jun 27 20:20:00 2012 +0000
+++ b/Configure.Dovecot_2 Wed Jun 27 21:36:36 2012 +0000
@@ -41,6 +41,7 @@
###
first_valid_gid = 70000
first_valid_uid = 70000
+mail_access_groups = dovemail
mail_location = maildir:~/Maildir
# uncomment if you want to use the quota plugin
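Review bot: `mail_access_groups = dovemail` is added without a comment on what the group is for or how far it reaches. The setting hands the supplementary group to every mail process, so anything on disk that is group-accessible to dovemail becomes reachable from each user's mail session. Judging by the later hunk, the group exists only to reach the dict socket, and that restriction should be written down so nobody later reuses it for mail directories or shared folders. I would put `# dovemail: only grants mail processes access to the dict socket (see service dict); it must not own any mail files` directly above the new line.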
@@ -66,7 +67,7 @@
}
service auth {
- user = nobody
+ user = doveauth
unix_listener auth-userdb {
}
unix_listener /var/spool/postfix/private/dovecot-auth {
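Review bot: The new `user = doveauth` in `service auth` names an account that does not exist on a stock system, and nothing in the config file says so. An administrator who copies this file without reading INSTALL first will presumably get an auth service that fails to start. A short comment such as `# dedicated account, create it first (see INSTALL); do not share it with other daemons` above the line would cover it. The same applies to the two `user = doveauth` lines in the `service auth-worker` hunk below. The `service auth` block continues past the end of this hunk.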
@@ -78,17 +79,17 @@
service auth-worker {
unix_listener auth-worker {
- user = nobody
+ user = doveauth
group = $default_internal_user
mode = 0660
}
- user = nobody
+ user = doveauth
}
service dict {
unix_listener dict {
- # we need mode 0666, because we have a GID/domain and a UID/user
- mode = 0666
+ group = dovemail
+ mode = 0660
}
}
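Review bot: The dict listener loses the comment that explained its permissions, and the new `group = dovemail` / `mode = 0660` pair gets no replacement. The socket is now usable only because `mail_access_groups = dovemail` is set in the first hunk; if either line is later removed, dict lookups from mail processes will likely fail with a permission error that is hard to trace back to this coupling. I would add `# mail processes reach this socket through mail_access_groups = dovemail; keep both settings in sync` above `group = dovemail`.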
--- a/INSTALL Wed Jun 27 20:20:00 2012 +0000
+++ b/INSTALL Wed Jun 27 21:36:36 2012 +0000
@@ -23,6 +23,22 @@
[3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)
+Create additionally a user and groups for improved security
+ We will create the system user `doveauth'. This user is used in the
+ authentication process. On a Debian GNU/Linux System use this command:
+
+ adduser --system --home /nonexistent --no-create-home --group \
+ --disabled-login --gecos "Dovecot IMAP/POP3 authentication user" \
+ doveauth
+
+ This will create the doveauth user and group.
+ For Dovecot >= 2.0 we create also the group `dovemail'. Dovecot will assign
+ this group to all Dovecot processes.
+ On a Debian GNU/Linux bases system run:
+
+ addgroup --system dovemail
+
+
Configuring PostgreSQL
(for more details see: http://vmm.localdomain.org/PreparingPostgreSQL)
@@ -96,7 +112,7 @@
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
- user = nobody
+ user = doveauth
socket listen {
master {
path = /var/run/dovecot/auth-master