--- a/dovecot-example.conf	Mon Jan 27 04:05:32 2003 +0200
+++ b/dovecot-example.conf	Mon Jan 27 04:42:02 2003 +0200
@@ -63,10 +63,12 @@
 ## Login process
 ##
 
-# Executable location
+# Executable location.
 #login_executable = /usr/libexec/dovecot/imap-login
 
-# User to use for imap-login process
+# User to use for imap-login process. The user must belong to a group
+# where only it has access, it's used to control access for authentication
+# process named sockets.
 #login_user = imapd
 
 # Set max. process size in megabytes. If you don't use

--- a/src/master/auth-process.c	Mon Jan 27 04:05:32 2003 +0200
+++ b/src/master/auth-process.c	Mon Jan 27 04:42:02 2003 +0200
@@ -272,7 +272,7 @@
 	/* create socket for listening auth requests from imap-login */
 	path = t_strconcat(set_login_dir, "/", config->name, NULL);
 	(void)unlink(path);
-        (void)umask(0177); /* we want 0600 mode for the socket */
+        (void)umask(0117); /* we want 0660 mode for the socket */
 
 	listen_fd = net_listen_unix(path);
 	if (listen_fd < 0)
@@ -281,7 +281,7 @@
 	i_assert(listen_fd > 2);
 
 	/* set correct permissions */
-	if (chown(path, set_login_uid, set_login_gid) < 0) {
+	if (chown(path, geteuid(), set_login_gid) < 0) {
 		i_fatal("login: chown(%s, %s, %s) failed: %m",
 			path, dec2str(set_login_uid), dec2str(set_login_gid));
 	}

--- a/src/master/settings.c	Mon Jan 27 04:05:32 2003 +0200
+++ b/src/master/settings.c	Mon Jan 27 04:42:02 2003 +0200
@@ -273,9 +273,10 @@
 	if (unlink_directory(set_login_dir, FALSE) < 0)
 		i_fatal("unlink_directory() failed for %s: %m", set_login_dir);
 
-	if (safe_mkdir(set_login_dir, 0700, set_login_uid, set_login_gid) == 0)
+	if (safe_mkdir(set_login_dir, 0750, geteuid(), set_login_gid) == 0) {
 		i_warning("Corrected permissions for login directory %s",
 			  set_login_dir);
+	}
 
 	if (set_max_imap_processes < 1)
 		i_fatal("max_imap_processes must be at least 1");