[Dovecot] mail accounts for users without home dirs
Timo Sirainen
tss at iki.fi
Thu Aug 28 06:50:18 EEST 2003
On Thursday, Aug 28, 2003, at 06:05 Europe/Helsinki, Bob Hall wrote:
> Let's say you have one server box and 20 users. Only the admins have
> accounts on the server box. Users can access mail only through the
> mail servier, via port 143. This involves three types of Unix accounts:
> root, human admins, and the non-human mail account that owns the
> mail files and runs mail scripts. Use sudo to give the admins the
> right to perform any necessary tasks that need the mail account, so
> that the mail account password doesn't get passed around.
> 1) What are the security weaknesses?
With shared uids the problem is that if there's a security hole in
Dovecot, attacker can access all the files that are owned by his uid.
So different uids just provide operating system level security.
> 2) How does having one UID differ from having one password that gives
> you
> access to all the UIDs in the database?
If you know the password, it doesn't differ. If you don't, but you
could exploit security hole in Dovecot you then have access.
> 3) How is this handled in settings with hundreds of users? Do they
> create hundreds of Unix accounts?
They don't have to have real accounts, just the uids have to be
reserved for them. For example you could just decide that uids above
10000 are for virtual users in LDAP.
More information about the dovecot
mailing list