Rootless Installation
=====================

It's possible to make Dovecot run under one UID, not requiring root privileges
at any point. This shouldn't be thought of as any security feature, but instead
just as a way for non-admins to run IMAP server in their favourite mail server.

If you think of this as a good way to achieve security, ask yourself which is
worse:

a)

 * very small possibility to get root privileges through Dovecot
 * small possibility to get into system as nonprivileged dovecot user chrooted
   into empty directory without logging in
 * small possibility to get logged user's privileges but no possibility to read
   others mails since they're saved with different uid (plus you might be
   chrooted to your own mailbox.

b)

 * absolutely zero possibility to get root privileges through Dovecot
 * small possibility to get into system as mail user, possibly even without
   logging in, and being able to read everyone's mail (and finally getting
   roots by exploiting some local just discovered vulnerability, unless you
   bothered to set up special chroot environment).

Anyway, doing it is easy. Give '--prefix=$HOME' option to 'configure', change
'login_user' and 'auth_user' in configuration file to your user, set
'login_chroot = no', set 'log_path' and 'info_log_path' to where you want logs,
and use for example passwd-file authentication. Also you'll have to change
'listen' and 'ssl_listen' settings to include different ports, eg:

---%<-------------------------------------------------------------------------
protocol imap {
  listen = *:14300
  ssl_listen = *:14301
  ..
}
protocol pop3 {
 listen = *:11000
  ssl_listen = *:11001
 ..
}
---%<-------------------------------------------------------------------------

(This file was created from the wiki on 2007-06-15 04:42)