Given the dominance of that mail server on the internet, it seems to be a go-to solution for many, just like Ubuntu, referred here above, is; so I wouldn't expect it to be replaced on Cloudron anytime soon.

Given the self-confidence of the authors, that claims that running from root is not a big deal and not providing any easily ready to use solution, I doubt that many will go extra mile to implement that on they own; given Cloudron limited resources and luck of advertising and hence focus to be security first platform, dovecot processes will remain to be running as root.

From the positive side, root owned processes are not opening any network port, so direct exploitation would be problematic.

Hope that would be of help.

@necrevistonnezr this may be more of a case of slightly different priorities and taste, servers running software (and exposed to the internet) are never 100% secure, so hardening is always a bit of an ongoing process which can be as detailed as one wants. We try to strike some balance on Cloudron side, to keep things maintainable and updatable also.

Thanks again - that makes perfect sense.
If I may ask - did you consider other alternatives? If so - what did you rejected and why? Would you choose Dovecot again now?

Feel free to ignore my questions - that's definitely outside of the scope of the platform, would appreciate if you could share some piece of wisdom thought!

But anyway, this is tiring. Checking out.

Can't recall I've been begging you to join and participate in the discussion... In case if I did, sure - don't hesitate to explore things around - it's so much better without some kind of knowledge (and it's not a joke).

@nebulon , got it, it's a pity. I would rather have all processes in Docker (including nginx) running as non-root.
But probably it's a subject for another project 'Hardened Cloudron', that doesn't seem to be in high demand, so from the product perspective I understand your choice - thanks for letting me know it!

I recall trying to run it as normal user but it's not worth it. It wants to access many different users (the mailbox user, the dovecot user, then permissions to intercommunicate between processes etc). So, we decided to go with what the distro guys (ubuntu) decided for us.

@girish said in Why running dovecot as root?:

I think dovecot wants to be run as root. See first line in https://doc.dovecot.org/2.3/admin_manual/running_dovecot/ . On ubuntu, it's packaged as such as well (/usr/sbin/dovecot) . dovecot automatically steps down permissions as needed. It's a complex program having many binaries. You will also see other programs run as dovecot user with ps aux output.

There is something doesn't add up for me in they way of thinking. For me - a good security rule - it's to minimize attack surface, since you can never know. That is the approach of OpenBSD system, for example. Separate, minimize exposure, etc.

For me the quote you mentioned only speaks about self-posed mindset limit.

It's like saying that you don't need airbags on the car, as usually people doesn't get in the car crash, and if they would - a seatbelt would be sufficient.

It’s possible to make Dovecot run under a single system user without requiring root privileges at any point. This shouldn’t be thought of as a security feature, but instead simply as a way for non-admins to run Dovecot in their favorite mail server.

Dovecot can simply be started by running dovecot as root.

can != must for me.

There is something doesn't add up for me in they way of thinking. For me - a good security rule - it's to minimize attack surface, since you can never know. That is the approach of OpenBSD system, for example. Separate, minimize exposure, etc.

Dovecot has a guide on how to run in non-root: https://doc.dovecot.org/2.3/configuration_manual/howto/rootless/

At the begging they give very strange comment about a necessity to choose between chroot-ed and non-chroot-ed environment, while giving permissions to chroot without root in the section to follow.

Anyway - do you believe the manual from that link could be of any help?

Even on official Docker docs (for example) says:

Docker will run commands as the root user, which can pose significant security risks.

I recall trying to run it as normal user but it's not worth it. It wants to access many different users (the mailbox user, the dovecot user, then permissions to intercommunicate between processes etc). So, we decided to go with what the distro guys (ubuntu) decided for us.