[Dovecot] some basic questions
Timo Sirainen
tss at iki.fi
Thu Jun 29 21:53:42 EEST 2006
On Jun 29, 2006, at 6:11 PM, David wrote:
> I'm still trying to grok the +/- aspects of virtual users...

I think the whole idea of system vs. virtual users is kind of stupid
and the problem of deciding between them is really only about the
lack of proper tools to deal with them. The only two differences
between them are:

1) Each system user has their own UID on the kernel side. With virtual
users they usually share one UID.
2) System users are listed in /etc/passwd, or wherever nsswitch.conf
tells it to look for them.

From a security point of view, the more different UIDs the users have
the better. Then it's also the kernel which guarantees that users
don't go looking into others' mails. The only real downside to this
is that there are only 65536 different UIDs usually, so with large
systems you can run out of them.

Dovecot or the kernel doesn't care about users being in /etc/passwd,
so as long as you have proper tools to allocate UIDs it's simple to
do that from Dovecot's point of view. I think there should be more
tools in this area that can handle the UID allocation easily for
Dovecot's userdb. If you allocate UIDs 2000 and larger to virtual
users you shouldn't have a problem with adding system users either.
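
As an added illustration of the kind of UID allocation tool the message asks for (this is not code from the post or from the Dovecot project): a small allocator that gives each virtual user its own UID from 2000 upward, skips UIDs already used by system accounts or existing userdb entries, and renders passwd-file style userdb lines. The shared GID, the /var/vmail root, the per-UID home layout and the sample accounts are assumptions.

```python
MIN_UID = 2000            # the post's suggested floor for virtual users
MAX_UID = 65535           # the 16-bit ceiling the post mentions
MAIL_GID = 2000           # assumed shared mail group
HOME_ROOT = "/var/vmail"  # assumed mail storage root


def parse_uids(passwd_text):
    """Map name -> uid from passwd-format text (name:password:uid:...)."""
    uids = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids[fields[0]] = int(fields[2])
    return uids


def allocate(users, userdb_text, system_passwd_text):
    """Give every virtual user its own UID; existing entries keep theirs."""
    assigned = parse_uids(userdb_text)
    taken = set(assigned.values()) | set(parse_uids(system_passwd_text).values())
    next_uid = MIN_UID
    for user in users:
        if not user or any(c in user for c in ":/\n "):
            raise ValueError(f"unsafe user name: {user!r}")
        if user in assigned:
            continue
        while next_uid in taken:
            next_uid += 1
        if next_uid > MAX_UID:
            raise RuntimeError("UID range exhausted")
        assigned[user] = next_uid
        taken.add(next_uid)
    return assigned


def userdb_lines(assigned):
    """Render user:password:uid:gid:gecos:home:shell:extra lines.
    Password stays empty: this file is meant as a userdb only."""
    ordered = sorted(assigned.items(), key=lambda kv: kv[1])
    return [f"{name}::{uid}:{MAIL_GID}::{HOME_ROOT}/{uid}::" for name, uid in ordered]


if __name__ == "__main__":
    # Constructed sample data, not taken from any real system.
    system = "root:x:0:0::/root:/bin/sh\nalice:x:2001:2001::/home/alice:/bin/sh\n"
    existing = "bob@example.org::2000:2000::/var/vmail/2000::\n"
    new = allocate(["bob@example.org", "carol@example.org"], existing, system)
    print("\n".join(userdb_lines(new)))
```

Each home directory would still need to be owned by its UID with mode 0700 for the kernel to enforce the separation described above.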