[Dovecot] some basic questions

Timo Sirainen tss at iki.fi
Thu Jun 29 21:53:42 EEST 2006


On Jun 29, 2006, at 6:11 PM, David wrote:

> I'm still trying to grok the +/- aspects of virtual users...

I think the whole idea of system vs. virtual users is kind of stupid  
and the problem between deciding between them is really only about  
lack of proper tools to deal with them. The only two differences  
between them are:

1) Each system user has their own UID in kernel side. With virtual  
users they usually share one UID.

2) System users are listed in /etc/passwd, or wherever nsswitch.conf
tells to look for them.

From a security point of view, the more different UIDs the users have
the better. Then it's also the kernel which guarantees that users  
don't go looking into others' mails. The only real downside to this  
is that there are only 65536 different UIDs usually, so with large  
systems you can run out of them.

Dovecot or the kernel doesn't care about users being in /etc/passwd,  
so as long as you have proper tools to allocate UIDs it's simple to  
do that from Dovecot's point of view. I think there should be more  
tools in this area that can handle the UID allocation easily for  
Dovecot's userdb. If you allocate UIDs 2000 and larger to virtual  
users you shouldn't have a problem with adding system users either.
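
The per-user UID allocation described in the message above, shown as an added example that is not part of the original post or of Dovecot. It assumes a passwd-file style userdb (user:password:uid:gid:gecos:home), a GID equal to the UID, and a hypothetical mail root of /var/vmail; the function names are made up for illustration.

```python
UID_MIN = 2000    # from the post: give virtual users UIDs 2000 and larger
UID_MAX = 65535   # from the post: usually only 65536 different UIDs

# Constructed sample userdb; bob and carol share a UID on purpose.
SAMPLE = """\
alice::2000:2000::/var/vmail/alice
bob::2001:2001::/var/vmail/bob
carol::2001:2001::/var/vmail/carol
"""

def parse_userdb(text):
    """Return {username: uid} from user:password:uid:gid:... lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            raise ValueError(f"malformed userdb line: {line!r}")
        users[fields[0]] = int(fields[2])
    return users

def allocate_uid(users, reserved=()):
    """Lowest UID in [UID_MIN, UID_MAX] that no user holds and is not reserved."""
    # 'reserved' is for retired UIDs whose files still exist on disk: handing
    # one out again would give the new user the old user's mail.
    taken = set(users.values()) | set(reserved)
    for uid in range(UID_MIN, UID_MAX + 1):
        if uid not in taken:
            return uid
    raise RuntimeError("UID range exhausted")

def add_user(text, username, mail_root="/var/vmail", reserved=()):
    """Return the userdb text with a new line giving username its own UID/GID."""
    users = parse_userdb(text)
    bad = not username or username.startswith(".") or any(c in username for c in ":/\n")
    if bad or username in users:
        raise ValueError(f"unsafe or duplicate username: {username!r}")
    uid = allocate_uid(users, reserved)
    prefix = text if not text or text.endswith("\n") else text + "\n"
    return prefix + f"{username}::{uid}:{uid}::{mail_root}/{username}\n"

def shared_uids(users):
    """UIDs held by more than one user, i.e. accounts the kernel cannot separate."""
    seen = {}
    for name, uid in users.items():
        seen.setdefault(uid, []).append(name)
    return {uid: names for uid, names in seen.items() if len(names) > 1}
```

Running shared_uids over an existing userdb shows which mailboxes currently rely on something other than kernel UID separation to stay apart.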