[Slackbuilds-users] UID/GID for another Dovecot case

Slacker slacker at slaphappygeeks.com
Sun Feb 15 23:20:48 UTC 2015



On 02/14/2015 08:39 PM, Mario Preksavec wrote:
> On 02/15/2015 03:36 AM, Rob McGee wrote:
>> On Sat, Feb 14, 2015 at 02:21:26PM -0700, Slacker wrote:
>>> I am writing a Slackdocs article for setting up a virtual mail
>>> server using Postfix, Dovecot and MySQL.
>>>
>>> In this use case we require a separate non-priv user/group
>>> for which the Dovecot documents suggest "vmail" (
>>> http://wiki.dovecot.org/VirtualUsers ), and which I have used
>>> in my own implementation.
>>>
>>> This is purely a configuration option and is not required to build
>>> the Dovecot package. But it seems to me it is a common enough use
>>> case and that having an SBo assigned uid/gid for "vmail" would
>>> dovetail nicely with the dovecot docs and simplify virtual mail
>>> setup for those building with SBo scripts. It would also simplify
>>> my Slackdocs article.
>>>
>>> So, please consider this a request for either discussion or simply
>>> for an assigned uid/gid for a vmail user.
>> I never have understood why so many small-time users want to have
>> "virtual mail accounts."  What is the appeal?  "Gee whiz, all I do
>> when I add a domain is enter it in mysql."  Well, uh, how often do
>> you add domains?  I can see it if you're a large scale hosting
>> provider.  Why is that so good if you're not?
>>
>> In the small-timer case, delivery to system accounts is far more
>> powerful and flexible.  You can keep all your mail in your $HOME;
>> you're able to run commands on certain incoming mail; you have many
>> more options for storing and sorting mail.
>>
>> Furthermore, it's considerably less secure to have all mail under a
>> single UID/GID, as most of these virtual/mysql howtos seem to
>> advocate.  A compromise of that user means all mail is at risk.
>> With system users, each recipient has her own UID, and compromises
>> are limited.
>>
>> (Actually that can be done with virtual also; both Postfix and
>> Dovecot support map lookups for the UID & GID.  But few howtos -- if
>> any?  I don't think I have seen one -- show how this is done.)
>>
>> So my concern here is twofold: one, it promotes "virtual mail" to
>> users who should not be using it; and two, it promotes the less
>> secure means of doing it, under a single UID/GID.
>
> Very well said. I would like to think that vmail *example* group was
> intentionally left out from uid_gid.txt to let users take a chunk of
> uid/gid mappings and do it properly. I also think that Slackdocs
> shouldn't be another copy/paste with a few minor changes; in fact, if
> done right it could fill that gap Rob is talking about :-)
>

Well, I can't speak for anyone else, but my own Slackdocs article (my 
first there too by the way) is certainly not copy/paste. I am trying to 
make it a genuine "how to" which will liberally include the "why to" - 
something I could not find anywhere when I started this exercise!

But I will certainly want to consider some changes and additions based 
on comments in replies to my question here - thanks to all!

Robert
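
The per-recipient UID/GID map lookups that Rob McGee mentions in the quoted text, shown beside the single-UID form, as an added configuration example that is not part of the original thread. The database name `mail`, the table `mailbox` with columns `email`, `uid`, `gid` and `home`, the read-only accounts, the file paths and the UID floor of 5000 are all assumptions made for illustration.

```conf
# Added example. Assumed schema: mailbox(email, uid, gid, home) in database "mail".

# --- Single shared UID/GID (the pattern the thread calls less secure) ------
# /etc/postfix/main.cf
#   virtual_uid_maps = static:5000
#   virtual_gid_maps = static:5000
# /etc/dovecot/dovecot.conf
#   userdb {
#     driver = static
#     args = uid=vmail gid=vmail home=/var/vmail/%d/%n
#   }

# --- Per-recipient UID/GID via map lookups ---------------------------------
# /etc/postfix/main.cf  (used when Postfix's own virtual(8) agent delivers)
virtual_mailbox_base = /var/vmail
virtual_minimum_uid  = 5000        # refuse delivery as any UID below this
virtual_uid_maps     = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps     = mysql:/etc/postfix/mysql-virtual-gid.cf

# /etc/postfix/mysql-virtual-uid.cf  (the gid file selects "gid" instead)
hosts    = localhost
user     = postfix_ro              # assumed read-only DB account
password = CHANGE_ME               # placeholder
dbname   = mail
query    = SELECT uid FROM mailbox WHERE email = '%s'

# /etc/dovecot/dovecot.conf
first_valid_uid = 5000             # Dovecot rejects userdb UIDs below this
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=mail user=dovecot_ro password=CHANGE_ME
# uid, gid and home come from the row, so each mailbox has its own owner
user_query = SELECT home, uid, gid FROM mailbox WHERE email = '%u'
```

With this layout each mailbox directory is owned by its own UID, so a compromise of one delivery or IMAP process is confined by ordinary file permissions to that recipient's mail.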

