[Dovecot] mail accounts for users without home dirs

Bob Hall rjhjr at cox.net
Thu Aug 28 06:05:33 EEST 2003


On Thu, Aug 28, 2003 at 04:00:11AM +0300, Timo Sirainen wrote:
> On Thu, 2003-08-28 at 03:34, Alex Howansky wrote:
> > You can accomplish this with the static userdb:
> > 
> > auth_userdb = static uid=210 gid=210 home=/var/mail/%d/%n
> 
> Of course, I don't really suggest using just one uid for everything..
> Preferably each user should have a separate one, or at least one for each
> domain or other group of users that "trust" each other.

Let's say you have one server box and 20 users. Only the admins have
accounts on the server box. Users can access mail only through the
mail server, via port 143. This involves three types of Unix accounts:
root, human admins, and the non-human mail account that owns the
mail files and runs mail scripts. Use sudo to give the admins the
right to perform any necessary tasks that need the mail account, so
that the mail account password doesn't get passed around.

1) What are the security weaknesses?
2) How does having one UID differ from having one password that gives you 
   access to all the UIDs in the database?
3) How is this handled in settings with hundreds of users? Do they 
   create hundreds of Unix accounts?

Sorry about all the questions, but I'm trying to get a better 
understanding of security. 

Bob Hall
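
An added illustration (not part of the original message, and not Dovecot code) of the trade-off in the quoted reply: it expands the quoted `home=/var/mail/%d/%n` template for constructed sample addresses and computes which mail directories a process running under each user's uid could reach under three uid-allocation policies. It assumes every home directory is readable only by its owning uid; the function names and policy names are hypothetical.

```python
from collections import defaultdict

TEMPLATE = "/var/mail/%d/%n"   # home template from the quoted static userdb line
BASE_UID = 210                 # uid from the quoted line, used as the first uid

# Constructed sample accounts (not from the thread).
USERS = ["alice@example.org", "bob@example.org", "carol@example.net"]

def expand(template, address):
    """Expand %n (local part) and %d (domain) into a home directory path."""
    local, _, domain = address.partition("@")
    # Refuse values that would change the directory the template points at.
    if not local or not domain or "/" in address or ".." in (local, domain):
        raise ValueError(f"unsafe address for path expansion: {address!r}")
    return template.replace("%d", domain).replace("%n", local)

def assign_uids(users, policy):
    """Map each address to a uid: 'shared', 'per_domain' or 'per_user'."""
    group_key = {
        "shared": lambda a: "",                       # one uid for everything
        "per_domain": lambda a: a.partition("@")[2],  # one uid per domain
        "per_user": lambda a: a,                      # one uid per mailbox
    }[policy]
    uid_of_group, result = {}, {}
    for address in users:
        key = group_key(address)
        uid_of_group.setdefault(key, BASE_UID + len(uid_of_group))
        result[address] = uid_of_group[key]
    return result

def exposure(users, policy):
    """For each user, list the homes owned by the uid their mail process runs as.

    Assumption: file ownership is the only barrier between mailboxes, so a
    flaw in a process running as that uid reaches every home listed here.
    """
    uids = assign_uids(users, policy)
    homes_by_uid = defaultdict(list)
    for address in users:
        homes_by_uid[uids[address]].append(expand(TEMPLATE, address))
    return {a: sorted(homes_by_uid[uids[a]]) for a in users}

if __name__ == "__main__":
    for policy in ("shared", "per_domain", "per_user"):
        print(policy)
        for address, homes in exposure(USERS, policy).items():
            print(f"  {address}: {len(homes)} reachable -> {homes}")
```
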

