From 6b83c2bb0f4dbc6ce4a5fcd7648b4ecf2e63e315 Mon Sep 17 00:00:00 2001
From: David Goodwin <david@codepoets.co.uk>
Date: Fri, 22 Jul 2022 20:37:04 +0100
Subject: [PATCH] see https://github.com/postfixadmin/postfixadmin/issues/640 -
 password expiration doc update

---
 DOCUMENTS/Password_Expiration.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/DOCUMENTS/Password_Expiration.md b/DOCUMENTS/Password_Expiration.md
index c5848a99..8e4db387 100644
--- a/DOCUMENTS/Password_Expiration.md
+++ b/DOCUMENTS/Password_Expiration.md
@@ -64,7 +64,11 @@ password = secret
 host = hostname
 ```
 
-Edit this file to enter a DB user that is allowed to access (read-write) your database. This file should be protected from any user (chmod 400).
+Edit this file to enter a DB user that is allowed to access (read only) your database. 
+
+You could create a new MySQL user with only SELECT permission on mailbox.username and mailbox.password_expiry.
+
+This file should be protected from other users (e.g. chmod 400).
 
 ### Expiration Script 
 
@@ -75,6 +79,7 @@ Edit this file to enter a DB user that is allowed to access (read-write) your da
 
 # Be careful who you run this script as; other system users may be able to write to the postfixadmin database, inject 
 # malicious data into e.g. mailbox.username and then be able to execute commands as the user running this script.
+
 # So, please try to avoid running this script as root.
 
 POSTFIX_DB="postfixadmin"