[Dovecot] migrating/converting from system users -> virtual users
steve.platt at mrc-bsu.cam.ac.uk
Tue Feb 28 19:45:49 EET 2012
We currently have a traditional mail server where all users have system
accounts (ie entries in the NIS passwd map) and mbox-format mail folders in
their (system) home directories.
I'm trying to setup a dovecot server in which we want all users to have
"virtual" accounts (in dovecot) and no entry in the passwd file at all (ie no
access to the mail server).
This is for security reasons, we want to imagine that users connecting to the
mail server in future will not be able to access any resources on the server
other than access their email messages. To this end we've set up a "vmail"
user that owns all the messages in the Maildir directories.
Most of this is working but I'm stuck on how to convert users' mail folders
from the existing setup to the new one. I'm using the convert plugin but of
course the problem is that the plugin executes as the "vmail" user and cannot
access the existing mail folders that belong to the users: and I'd be worried
if it could, of course!
So I've converted a few users already by making copies of their old-world
mailboxes, changing the ownership of the copies and pointing the convert
plugin to these copies, instead of the originals.
This works (modulo the dreaded "timeouted" error messages) but is very ugly.
So I tried looking at the convert-tool but can't find a man page for it so am
not sure what I'm doing with it!
I have the idea that I should be able to run some command (as a privileged
user) on the mail server and have it do the conversion for me, changing the
ownership/permissions on the way.
Can convert-tool do this?
I'd prefer to go with the automatic (plugin) conversion if I can bodge the
ownership issues somehow. Failing that, some tool or script may be the next
This is Dovecot 1.2 by the way on Solaris 10.
Any suggestions would be welcome!
More information about the dovecot