System-user-controllable custom passwords and mail locations

Michal Petrucha michal.petrucha at koniiiik.org
Sat Dec 12 00:08:33 UTC 2015


Hello everyone,

I'd like to set up dovecot so that it uses the standard system
accounts, but with different passwords specific to email. Seems like a
fairly common setup, but the catch is, I want the users to be able to
set their passwords themselves, without needing any assistance from a
server administrator. I'm wondering what's the easiest way of
implementing this.

From what I've understood, this requirement would probably rule out a
separate passwd-file (since the standard Linux passwd doesn't seem to
support using a custom passwd file), SQL, flat-file dict, and Redis
(since you can't give users access only to their row, or dict key;
it's either the entire database (or flat file), or nothing).

(Of course, I could work around that limitation by writing a C program
that I would install as SUID root, which would only change the
invoking user's password, but I'd prefer not to start dumping
arbitrary SUID binaries all over the place.)

So, that would probably only leave me with LDAP, checkpassword, and
the FS dict backend.

I can imagine how I could get LDAP to do this -- add some extra
attribute for each user, and put together a simple script to change
passwords, say, in Python, that would bind as the user and write the
new password. However, this would require me to store the system user
account database in LDAP, which is kind of overkill on at least one of
the servers I want this setup on, where I know for certain that there
won't ever be more than a handful of users.

Checkpassword would probably work, too; perhaps by looking into some
file in the user's $HOME or such. I'm not entirely certain about the
security, or performance implications of that approach.

With the FS dict backend, I could probably point it to a directory, in
which every user would own a file containing their password, that no
one else could write to. I haven't been able to find any more details
about the structure of this directory hierarchy, though, or the
contents of the individual files, so I don't know whether this is a
viable approach, or not.

My questions are, then: Is there some other way of implementing
separate passwords that the users can set themselves that I'm
overlooking? Is one of the three approaches described above a bad idea
for some reason I don't see? Is there some kind of “standard solution”
to this problem?


The other thing I wanted to ask about is marginally related; I'd like
to be able to allow users to customize the layout in which they store
their mail. For instance, some users like to have their INBOX as an
mbox in /var/mail, and other maildirs in ~/Maildirs/, others prefer
having everything as a mix maildirs and mboxes in ~/mail, etc.

Looking at the MailLocation wiki page, it seems like the only option,
if I want to customize the location per user, is to set it in the
userdb, but since we only have system users everywhere, it seems we
have to use the passwd userdb, which doesn't support this kind of
per-user customization (even on servers where PAM/NSS are configured
to use LDAP).

Again, am I overlooking something here? Is there nothing similar to
~/.imaprc, which is supported by certain versions of some other IMAP
servers?


Thanks in advance for any insights,
Michal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20151212/65e495bf/attachment.sig>


More information about the dovecot mailing list