# umask to use for mail files and directories
#umask = 0077
+# Drop all privileges before exec()ing the mail process. This is mostly
+# meant for debugging, otherwise you don't get core dumps. Note that setting
+# this to yes means that log file is opened as the logged in user, which
+# might not work. It could also be a small security risk if you use single UID
+# for multiple users, as the users could ptrace() each others processes then.
+#mail_drop_priv_before_exec = no
+
##
## IMAP process
##
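Review bot: The added comment for `mail_drop_priv_before_exec` calls the shared-UID case a "small security risk", which undersells it for anyone running a virtual-user setup under one UID. On most systems the condition that makes core dumps possible again is the same one that lets another process with the same UID attach to the mail process, so the two effects cannot be separated. I would say so directly, e.g. `# Do not enable this where several users share one UID; leave it at "no" outside of debugging.` The phrase "which might not work" would also be clearer if it named the consequence, i.e. that the log file must be writable by the logged-in user.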
any errors above will be logged */
closelog();
+ if (set->mail_drop_priv_before_exec)
+ restrict_access_by_env(TRUE);
+
/* hide the path, it's ugly */
argv[0] = strrchr(executable, '/');
if (argv[0] == NULL) argv[0] = executable; else argv[0]++;
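Review bot: The new `restrict_access_by_env(TRUE)` call is placed after `closelog()`, while the comment just above says errors are logged up to that point. A failure while dropping privileges would therefore be reported after the log is closed, and whether that message is still recorded, and whether the failure is fatal, is not visible in this hunk. Please confirm that a failed drop can never fall through to the exec, and consider moving the call above `closelog()` if nothing depends on the current order. A call-site comment would also help, e.g. `/* debugging aid: drop privileges before exec so the mail process can dump core */`, along with a word on what the `TRUE` argument selects. The enclosing function starts and ends outside the hunk.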
{
i_warning("SIGHUP received - reloading configuration");
- master_settings_read(configfile);
-
/* restart auth and login processes */
login_processes_destroy_all();
auth_processes_destroy_all();
+
+ master_settings_read(configfile);
}
static const char *get_exit_status_message(enum fatal_exit_status status)
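Review bot: Nothing at the moved `master_settings_read(configfile)` call explains why it must now run after `login_processes_destroy_all()` and `auth_processes_destroy_all()`, and its outcome is not checked in the visible lines. If the reorder is there because the destroy functions still reference the old settings, record that at the call: `/* destroy first: these still use the old settings, which master_settings_read() replaces */`. With this order the old login and auth processes are already gone when the new file is read, so it is worth confirming what the master does on SIGHUP with an unreadable or invalid config (not visible here). The handler's body starts outside the hunk.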
DEF(SET_INT, mbox_dotlock_change_timeout),
DEF(SET_BOOL, overwrite_incompatible_index),
DEF(SET_INT, umask),
+ DEF(SET_BOOL, mail_drop_priv_before_exec),
/* imap */
DEF(SET_STR, imap_executable),
MEMBER(mbox_dotlock_change_timeout) 30,
MEMBER(overwrite_incompatible_index) FALSE,
MEMBER(umask) 0077,
+ MEMBER(mail_drop_priv_before_exec) FALSE,
/* imap */
MEMBER(imap_executable) PKG_LIBEXECDIR"/imap",
unsigned int mbox_dotlock_change_timeout;
int overwrite_incompatible_index;
unsigned int umask;
+ int mail_drop_priv_before_exec;
/* imap */
const char *imap_executable;