I know I'm missing something, but I can't get courier-imap
to function as a non-root user.
I can run it as user imap (unique uid/gid, standard service
account stuff) using the -user option in the config file.
However, at that point the server does not know how to read
users' mail. Mail is delivered mode 600, owned by the user.
If I change it so that everything in the maildir hierarchy
is also owned by group imap, the server still dies -- syslog
error messages are of the form:
Jan 1 17:45:53 lart imapd: setgid: Operation not permitted
I changed the gid of the user to the same as imap in the userdb
database -- the messages changed to the form:
Jan 1 18:29:51 lart imapd: setuid: Operation not permitted
So, the question is twofold: First, does anyone actually run
courier-imap as a non-root user in production? Second, and
more important, is it possible to do this using userdb
authentication? I expect that if the entire mail hierarchy
were owned by the imap daemon, things would be fine. However,
userdb authentication will not allow everyone to have the
same uid (something that I assume could be done with a back-end
such as mysql or ldap).
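
The pattern in the two syslog lines above can be reproduced at the system-call level. This is an added example, not part of the original post and not courier-imap's code: an unprivileged process may setgid()/setuid() only to ids it already holds, so making the user's gid equal to the daemon's moves the failure from setgid to setuid. `try_switch`, `report` and the uid+1/gid+1 "mail user" ids are constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum step { SWITCH_OK, FAILED_SETGID, FAILED_SETUID, FAILED_HARNESS };

/* try_switch() is a name made up for this example. It attempts the identity
 * change in a forked child (group first, then user), so the caller keeps its
 * own uid/gid. Returns the step that failed; *err receives that call's errno. */
static enum step try_switch(uid_t uid, gid_t gid, int *err)
{
    int fds[2], res[2] = { FAILED_HARNESS, 0 };
    if (pipe(fds) != 0) { *err = errno; return FAILED_HARNESS; }
    pid_t pid = fork();
    if (pid == 0) {
        res[0] = SWITCH_OK;
        if (setgid(gid) != 0)      { res[0] = FAILED_SETGID; res[1] = errno; }
        else if (setuid(uid) != 0) { res[0] = FAILED_SETUID; res[1] = errno; }
        _exit(write(fds[1], res, sizeof res) == (ssize_t)sizeof res ? 0 : 1);
    }
    if (pid < 0) res[1] = errno;               /* fork itself failed */
    close(fds[1]);
    if (pid > 0 && read(fds[0], res, sizeof res) != (ssize_t)sizeof res) res[0] = FAILED_HARNESS;
    if (pid > 0) waitpid(pid, NULL, 0);
    close(fds[0]);
    *err = res[1];
    return (enum step)res[0];
}

static void report(const char *label, uid_t uid, gid_t gid)
{
    static const char *call[] = { "ok", "setgid", "setuid", "harness" };
    int err = 0;
    enum step s = try_switch(uid, gid, &err);
    printf("%-30s %s%s%s\n", label, call[s], s ? ": " : "", s ? strerror(err) : "");
}

int main(void)
{
    uid_t me = getuid(), other = me + 1;       /* constructed "mail user" uid */
    gid_t mine = getgid(), theirs = mine + 1;  /* constructed "mail user" gid */
    report("daemon stays itself", me, mine);
    report("user has own uid and gid", other, theirs);    /* like the first log line */
    report("user gid set to daemon's gid", other, mine);  /* like the second log line */
    return 0;
}
```

Run as root, all three cases succeed, since only a privileged process may change to ids it does not already hold.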