changeset 12889:bd869a7053c5
Changed auth-userdb socket's default permissions to 0666.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 05 Apr 2011 12:44:21 +0300 |
parents | 03b8a8fe1959 |
children | 6f0396e35fd9 |
files | doc/example-config/conf.d/10-master.conf src/auth/auth-settings.c |
diffstat | 2 files changed, 14 insertions(+), 6 deletions(-) [+] |
--- a/doc/example-config/conf.d/10-master.conf Tue Apr 05 12:28:32 2011 +0300
+++ b/doc/example-config/conf.d/10-master.conf Tue Apr 05 12:44:21 2011 +0300
@@ -74,12 +74,20 @@
  service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
- # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
- # permissions make it readable only by root, but you may need to relax these
- # permissions. Users that have access to this socket are able to get a list
- # of all usernames and get results of everyone's userdb lookups.
+ # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
+ # full permissions to this socket are able to get a list of all usernames and
+ # get the results of everyone's userdb lookups.
+ #
+ # The default 0666 mode allows anyone to connect to the socket, but the
+ # userdb lookups will succeed only if the userdb returns an "uid" field that
+ # matches the caller process's UID. Also if caller's uid or gid matches the
+ # socket's uid or gid the lookup succeeds. Anything else causes a failure.
+ #
+ # To give the caller full permissions to lookup all users, set the mode to
+ # something else than 0666 and Dovecot lets the kernel enforce the
+ # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
- #mode = 0600
+ #mode = 0666
  #user =
  #group =
  }
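Review bot: The last added paragraph says any mode other than 0666 hands enforcement to the kernel, but it never states the consequence for an admin who picks a stricter-looking mode such as 0660: every process that can still connect then gets the full lookup and user-listing rights described in the first paragraph. The only example given, `0777`, is the most permissive one; an example that pairs a restrictive mode with `user`/`group` would guide readers better. Suggested addition: `# Any mode other than 0666 turns the per-caller UID check off: whoever can connect may look up and list all users, so limit such a socket with user/group.`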
--- a/src/auth/auth-settings.c Tue Apr 05 12:28:32 2011 +0300
+++ b/src/auth/auth-settings.c Tue Apr 05 12:44:21 2011 +0300
@@ -19,7 +19,7 @@
  { "login/login", 0666, "", "" },
  { "auth-login", 0600, "$default_internal_user", "" },
  { "auth-client", 0600, "", "" },
- { "auth-userdb", 0600, "", "" },
+ { "auth-userdb", 0666, "", "" },
  { "auth-master", 0600, "", "" }
  };
  static struct file_listener_settings *auth_unix_listeners[] = {
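Review bot: The `0666` on the `auth-userdb` entry is not an ordinary permission value: per the 10-master.conf comment changed in this same commit, exactly this mode makes the auth process limit lookups by comparing the caller's UID/GID, and that check is not part of this hunk. Since the socket is now world-connectable by default, the entry deserves a comment such as `/* 0666: anyone may connect; userdb lookups are then restricted by the caller's uid/gid */`. It is also worth confirming that a lookup is refused when the peer's credentials cannot be obtained, because the file mode no longer acts as a backstop. The array this entry belongs to starts above the hunk.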