dovecot: dovenull user should have its own group.

Quoting from https://wiki.dovecot.org/UserIds#dovenulluser: "It should belong to its own private dovenull group where no one else belongs to..."
2018-10-22 13:57:32 -04:00 · 2018-10-22 13:57:32 -04:00 · fa388534e4
parent 01fcaf8d29
commit fa388534e4
2 changed files with 6 additions and 2 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -385,7 +385,7 @@
      virtuoso = 44;
      #rtkit = 45; # unused
      dovecot2 = 46;
-      #dovenull = 47; # unused
+      dovenull2 = 47;
      prayer = 49;
      mpd = 50;
      clamav = 51;
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@ -311,7 +311,7 @@ in
      { name = "dovenull";
        uid = config.ids.uids.dovenull2;
        description = "Dovecot user for untrusted logins";
-        group = cfg.group;
+        group = "dovenull";
      }
    ] ++ optional (cfg.user == "dovecot2")
         { name = "dovecot2";
@ -332,6 +332,10 @@ in
      }
    ++ optional (cfg.createMailUser && cfg.mailGroup != null)
      { name = cfg.mailGroup;
+      }
+    ++ singleton
+      { name = "dovenull";
+        gid = config.ids.gids.dovenull2;
      };

    environment.etc."dovecot/modules".source = modulesDir;