[Slackbuilds-users] UID/GID for another Dovecot case
Mario Preksavec
mario at slackware.hr
Sun Feb 15 03:39:42 UTC 2015
On 02/15/2015 03:36 AM, Rob McGee wrote:
> On Sat, Feb 14, 2015 at 02:21:26PM -0700, Slacker wrote:
>> I am writing a Slackdocs article for setting up a virtual mail
>> server using Postfix, Dovecot and MySQL.
>>
>> In this use case we require a separate non-priv user/group
>> for which the Dovecot documents suggest "vmail" (
>> http://wiki.dovecot.org/VirtualUsers ), and which I have used
>> in my own implementation.
>>
>> This is purely a configuration option and is not required to build
>> the Dovecot package. But it seems to me it is a common enough use
>> case and that having an SBo assigned uid/gid for "vmail" would
>> dovetail nicely with the dovecot docs and simplify virtual mail
>> setup for those building with SBo scripts. It would also simplify
>> my Slackdocs article.
>>
>> So, please consider this a request for either discussion or simply
>> for an assigned uid/gid for a vmail user.
> I never have understood why so many small-time users want to have
> "virtual mail accounts." What is the appeal? "Gee whiz, all I do
> when I add a domain is enter it in mysql." Well, uh, how often do
> you add domains? I can see it if you're a large scale hosting
> provider. Why is that so good if you're not?
>
> In the small-timer case, delivery to system accounts is far more
> powerful and flexible. You can keep all your mail in your $HOME;
> you're able to run commands on certain incoming mail; you have many
> more options for storing and sorting mail.
>
> Furthermore, it's considerably less secure to have all mail under a
> single UID/GID, as most of these virtual/mysql howtos seem to
> advocate. A compromise of that user means all mail is at risk.
> With system users, each recipient has her own UID, and compromises
> are limited.
>
> (Actually that can be done with virtual also; both Postfix and
> Dovecot support map lookups for the UID & GID. But few howtos -- if
> any? I don't think I have seen one -- show how this is done.)
>
> So my concern here is twofold: one, it promotes "virtual mail" to
> users who should not be using it; and two, it promotes the less
> secure means of doing it, under a single UID/GID.
Very well said. I would like to think that the vmail *example* group was
intentionally left out of uid_gid.txt to let the user take a chunk of
uid/gid mappings and do it properly. I also think that Slackdocs
shouldn't be another copy/paste with a few minor changes; in fact, if
done right it could fill that gap Rob is talking about :-)
--
Mario
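
The per-recipient UID/GID map lookups mentioned in the quoted message, shown next to the shared-UID form, as an added example that is not part of the original thread. The file paths, the database, table and column names (`mail`, `mailbox`, `address`, `uid`, `gid`, `home`), the read-only account names, the placeholder passwords and the 20000-29999 range are all assumptions; the Dovecot part uses 2.2-style syntax.

```conf
## /etc/postfix/main.cf  (used when Postfix's virtual(8) agent delivers)
# Shared-UID form: every mailbox is owned by one account, so one
# compromise of that account exposes all mail.
#virtual_uid_maps = static:5000
#virtual_gid_maps = static:5000
# Per-recipient form: look up the owning UID/GID for each mailbox.
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
# Reject any lookup result below this floor (keeps mail away from
# system accounts if the table is wrong or tampered with).
virtual_minimum_uid = 20000

## /etc/postfix/mysql-virtual-uid.cf
hosts = localhost
user = postfix_ro
password = CHANGE_ME
dbname = mail
query = SELECT uid FROM mailbox WHERE address = '%s'

## /etc/postfix/mysql-virtual-gid.cf
hosts = localhost
user = postfix_ro
password = CHANGE_ME
dbname = mail
query = SELECT gid FROM mailbox WHERE address = '%s'

## Dovecot: conf.d/auth-sql.conf.ext
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

## Dovecot: conf.d/10-mail.conf
# Dovecot refuses to run a mail process for a UID outside this range.
first_valid_uid = 20000
last_valid_uid = 29999

## /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=mail user=dovecot_ro password=CHANGE_ME
# home, uid and gid come from the row, not from a global mail_uid/mail_gid.
user_query = SELECT home, uid, gid FROM mailbox WHERE address = '%u'
```

Each mailbox row then carries its own numeric `uid`/`gid` from the reserved range, and the mailbox directory must be owned by that pair.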