changeset 13006:25a452227a09

script-login: When -d isn't given, drop privileges as specified by the service settings.
author Timo Sirainen <tss@iki.fi>
date Mon, 09 May 2011 20:11:00 +0300
parents 56a1b3082b4b
children 40a5f8f07bd2
files src/util/script-login.c
diffstat 1 files changed, 13 insertions(+), 5 deletions(-) [+]
--- a/src/util/script-login.c	Mon May 09 20:03:24 2011 +0300
+++ b/src/util/script-login.c	Mon May 09 20:11:00 2011 +0300
@@ -22,7 +22,7 @@
 #define SCRIPT_COMM_FD 3
 
 static const char **exec_args;
-static bool drop_privileges = FALSE;
+static bool drop_to_userdb_privileges = FALSE;
 
 static void client_connected(struct master_service_connection *conn)
 {
@@ -119,7 +119,7 @@
 		i_fatal("%s", error);
 	mail_storage_service_restrict_setenv(service_ctx, user);
 
-	if (drop_privileges)
+	if (drop_to_userdb_privileges)
 		restrict_access_by_env(getenv("HOME"), TRUE);
 
 	if (dup2(fd, STDIN_FILENO) < 0)
@@ -190,7 +190,7 @@
 	while ((c = master_getopt(master_service)) > 0) {
 		switch (c) {
 		case 'd':
-			drop_privileges = TRUE;
+			drop_to_userdb_privileges = TRUE;
 			break;
 		default:
 			return FATAL_DEFAULT;
@@ -200,12 +200,20 @@
 	argv += optind;
 
 	master_service_init_log(master_service, "script-login: ");
+
+	if (!drop_to_userdb_privileges &&
+	    (flags & MASTER_SERVICE_FLAG_STANDALONE) == 0) {
+		/* drop to privileges defined by service settings */
+		restrict_access_by_env(NULL, FALSE);
+	}
+
 	master_service_init_finish(master_service);
 	master_service_set_service_count(master_service, 1);
 
-	if ((flags & MASTER_SERVICE_FLAG_STANDALONE) != 0)
+	if ((flags & MASTER_SERVICE_FLAG_STANDALONE) != 0) {
+		/* The last post-login script is calling us to finish login */
 		script_execute_finish();
-	else {
+	} else {
 		if (argv[0] == NULL)
 			i_fatal("Missing script path");
 		exec_args = i_new(const char *, argc + 2);
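Review bot: The new drop `restrict_access_by_env(NULL, FALSE)` passes FALSE where the -d path in client_connected() passes TRUE. The declaration is not visible in this diff, but if that argument is the disallow-root switch, a script-login service configured without a user keeps its startup uid and later execs the post-login script with it, possibly as root, without any log line. I would spell that out in the comment, for example `/* drop to privileges defined by service settings; root is not refused here, so the service definition must set user/group */`. The comment should also say why the standalone case skips the drop, presumably because the first invocation already restricted the process. main()'s body starts and ends outside this hunk, so the argv handling that follows could not be checked.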