[Slackbuilds-users] UID/GID for another Dovecot case
rob0 at slackbuilds.org
Sun Feb 15 02:36:39 UTC 2015
On Sat, Feb 14, 2015 at 02:21:26PM -0700, Slacker wrote:
> I am writing a Slackdocs article for setting up a virtual mail
> server using Postfix, Dovecot and MySQL.
>
> In this use case we require a separate non-priv user/group
> for which the Dovecot documents suggest "vmail" (
> http://wiki.dovecot.org/VirtualUsers ), and which I have used
> in my own implementation.
>
> This is purely a configuration option and is not required to build
> the Dovecot package. But it seems to me it is a common enough use
> case and that having an SBo assigned uid/gid for "vmail" would
> dovetail nicely with the dovecot docs and simplify virtual mail
> setup for those building with SBo scripts. It would also simplify
> my Slackdocs article.
>
> So, please consider this a request for either discussion or simply
> for an assigned uid/gid for a vmail user.

I never have understood why so many small-time users want to have
"virtual mail accounts." What is the appeal? "Gee whiz, all I do
when I add a domain is enter it in mysql." Well, uh, how often do
you add domains? I can see it if you're a large scale hosting
provider. Why is that so good if you're not?

In the small-timer case, delivery to system accounts is far more
powerful and flexible. You can keep all your mail in your $HOME;
you're able to run commands on certain incoming mail; you have many
more options for storing and sorting mail.

Furthermore, it's considerably less secure to have all mail under a
single UID/GID, as most of these virtual/mysql howtos seem to
advocate. A compromise of that user means all mail is at risk.
With system users, each recipient has her own UID, and compromises
(Actually that can be done with virtual also; both Postfix and
Dovecot support map lookups for the UID & GID. But few howtos -- if
any? I don't think I have seen one -- show how this is done.)

So my concern here is twofold: one, it promotes "virtual mail" to
users who should not be using it; and two, it promotes the less
secure means of doing it, under a single UID/GID.

Rob McGee - /dev/rob0 - rob0 at slackbuilds.org
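
The per-recipient UID/GID lookups mentioned in the reply above, as an added configuration example that is not part of the original message or of any howto it refers to. It puts the shared-owner settings (commented out) beside per-recipient map lookups for Postfix's virtual(8) delivery agent and a Dovecot 2.x SQL userdb. Assumptions: the file paths, the database name `mail`, the table and column names (`mailbox`, `address`, `home`, `uid`, `gid`), the credentials placeholder and the UID floor of 5000 are all hypothetical.

```conf
# --- Postfix: /etc/postfix/main.cf (virtual(8) delivery agent) ---
# Shared-owner form: every mailbox is written as the same account.
#virtual_uid_maps = static:5000
#virtual_gid_maps = static:5000
# Per-recipient form: the owner is looked up for each address.
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
# Defer delivery if a lookup returns a UID below this value.
virtual_minimum_uid = 5000

# --- Postfix: /etc/postfix/mysql-virtual-uid.cf (path is an assumption) ---
# The -gid.cf file is identical except that it selects gid.
hosts = localhost
user = postfix
password = CHANGE_ME
dbname = mail
# "mailbox", "address" and "uid" are hypothetical table/column names.
query = SELECT uid FROM mailbox WHERE address = '%s'

# --- Dovecot 2.x: userdb section ---
# Shared-owner form:
#userdb {
#  driver = static
#  args = uid=vmail gid=vmail home=/var/vmail/%d/%n
#}
# Per-recipient form:
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# --- Dovecot 2.x: /etc/dovecot/dovecot-sql.conf.ext ---
driver = mysql
connect = host=localhost dbname=mail user=dovecot password=CHANGE_ME
# Returning uid and gid per row makes Dovecot access each mailbox
# as that recipient's own UID/GID instead of one shared account.
user_query = SELECT home, uid, gid FROM mailbox WHERE address = '%u'
```

Each mailbox directory has to be owned by the UID/GID its row returns, with permissions that keep other recipients' UIDs out.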