Rootless Installation
=====================

It's possible to make Dovecot run under one UID, not requiring root privileges at any point. This shouldn't be thought of as a security feature, but instead just as a way for non-admins to run an IMAP server on their favourite mail server.

If you think of this as a good way to achieve security, ask yourself which is worse:

a)
 * very small possibility to get root privileges through Dovecot
 * small possibility to get into the system as the nonprivileged dovecot user, chrooted into an empty directory, without logging in
 * small possibility to get a logged-in user's privileges, but no possibility to read others' mails since they're saved with a different UID (plus you might be chrooted to your own mailbox)

b)
 * absolutely zero possibility to get root privileges through Dovecot
 * small possibility to get into the system as the mail user, possibly even without logging in, and being able to read everyone's mail (and finally getting root by exploiting some just-discovered local vulnerability, unless you bothered to set up a special chroot environment)

Anyway, doing it is easy. Give the '--prefix=$HOME' option to 'configure', change 'login_user' and 'auth_user' in the configuration file to your user, set 'login_chroot = no', set 'log_path' and 'info_log_path' to where you want logs, and use for example passwd-file authentication. You'll also have to change the 'listen' and 'ssl_listen' settings to include different ports, e.g.:

---%<-------------------------------------------------------------------------
protocol imap {
  listen = *:14300
  ssl_listen = *:14301
  ..
}
protocol pop3 {
  listen = *:11000
  ssl_listen = *:11001
  ..
}
---%<-------------------------------------------------------------------------

(This file was created from the wiki on 2007-06-15 04:42)
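
The settings listed above can be checked before the server is started. The following is an added example, not part of the original wiki page or of Dovecot: a small pre-flight check over a configuration file in the style shown above. The function names and the sample config are hypothetical, and the 1024 boundary is the usual Unix privileged-port rule, assumed here as the reason the ports must change.

```python
import re

REQUIRED = ("login_user", "auth_user", "login_chroot", "log_path", "info_log_path")

# Constructed sample config (not a real deployment), with deliberate mistakes.
SAMPLE_CONF = """\
login_user = alice
auth_user = dovecot
login_chroot = yes
log_path = /home/alice/var/log/dovecot.log
protocol imap {
  listen = *:143
  ssl_listen = *
}
protocol pop3 {
  listen = *:11000
}
"""

def parse_settings(text):
    """Yield (section, key, value) for each 'key = value' line, tracking { } blocks."""
    section = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            section.append(line[:-1].strip())
        elif line == "}" and section:
            section.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            yield " ".join(section), key, value

def check_rootless(text, run_as):
    """List settings that stop a single-UID run as run_as (assumes ports < 1024 need root)."""
    findings, seen = [], set()
    for section, key, value in parse_settings(text):
        seen.add(key)
        where = f"{section}: {key}" if section else key
        if key in ("listen", "ssl_listen"):
            port = re.search(r":(\d+)$", value)
            if port is None or int(port.group(1)) < 1024:
                findings.append(f"{where} = {value}: needs an explicit port of 1024 or above")
        elif key in ("login_user", "auth_user") and value != run_as:
            findings.append(f"{where} = {value}: should be {run_as}")
        elif key == "login_chroot" and value != "no":
            findings.append(f"{where} = {value}: should be no")
    return findings + [f"{key}: not set" for key in REQUIRED if key not in seen]

if __name__ == "__main__":
    print("\n".join(check_rootless(SAMPLE_CONF, "alice")))
```

On the constructed sample it reports five problems: the mismatched 'auth_user', 'login_chroot = yes', the two imap listeners without an unprivileged port, and the missing 'info_log_path'.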