On Wed, 9 Jan 2008, Charles Marcus wrote:
On 1/9/2008, Asheesh Laroia (asheesh@asheesh.org) wrote:
Basically - the above is a reason to use 'adduser', not a reason to use virtual users! If I'm wrong, please clarify my understanding.
My understanding is using Virtual Users is inherently more secure, since the users do not have system accounts, much less shell accounts.
There should be a straightforward way to set their shell to something that prevents shell login but allows Dovecot login. Then they have their own separate security contexts (i.e., UID), so in the case that Dovecot goes horribly awry each user's data is isolated from the other's.
I believe /bin/false will work for this; since it is not listed in /etc/shells, shell login will fail even with e.g. ssh user@host /bin/sh, but PAM should authorize the user for Dovecot. I would double-check this before using it in production.
-- Asheesh.
-- Life is difficult because it is non-linear.