On Thu, 2010-07-01 at 21:43 -0700, Frank Cusack wrote:
On 7/1/10 9:59 AM +0200 Steffen Kaiser wrote:
I do _not_ argue about security here. I really wonder why some distros still allow ssh-access by default for every user and some don't. Even a virtual-user based setup requires system users, so one cannot ignore uid related security either.
huh? no virtual user system i've ever setup, or could conceive of, requires system users (above and beyond what the mail system inherently requires, of course).
*nods* I assumed Steffen was meaning "a" system user, as in the singular user that mail/dovecot etc runs under, ie "vmail" afterall, if it required one SU per VU, it kind of defeats the purpose.
Of course Web is different, I agree one SU per virtual host, however there SU is really irrelevant to the users, its used only for things like suexec etc, where all auth and user activity etc is done via their VU details.