On Wed, 9 Jan 2008 12:17:22 -0800 (PST) Asheesh Laroia asheesh@asheesh.org wrote:
On Wed, 9 Jan 2008, Charles Marcus wrote:
On 1/9/2008, Asheesh Laroia (asheesh@asheesh.org) wrote:
Basically - the above is a reason to use 'adduser', not a reason to use virtual users! If I'm wrong, please clarify my understanding.
My understanding is using Virtual Users is inherently more secure, since the users do not have system accounts, much less shell accounts.
There should be a straightforward way to set their shell to something that prevents shell login but allows Dovecot login. Then they have their own separate security contexts (i.e., UID), so in the case that Dovecot goes horribly awry each user's data is isolated from the others'.
Whether a user is a virtual user or a regular user makes no difference. Their data is still isolated from each other. Virtual users do not have all of their data jumbled together into one file, which seems to me, anyway, to be what you are referring to. A virtual user simply does not have a system account, and therefore cannot interact with the system directly. Why give any user who does not require access to a system the possibility of doing so by making them regular users? Besides, as I stated in a previous post, once in place, adding virtual users is trivial and far safer than adding regular shell accounts.
I believe /bin/false will work for this; since it is not listed in /etc/shells, shell login will fail even with e.g. ssh user@host /bin/sh, but PAM should authorize the user for Dovecot. I would double-check this before using it in production.
I am not sure what you are trying to describe here. It appears that you are not either.
--
Gerard gerard@seibercom.net
Sometimes, when I think of what that girl means to me, it's all I can do to keep from telling her.
Andy Capp
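As an added illustration of the /bin/false point raised in the thread (this script is not from the list posters or from Dovecot), the POSIX sh below audits which local accounts hold a shell that is listed in /etc/shells and which hold one that is not. The passwd and shells data are constructed sample input so it runs offline; the function names (shell_for, is_login_shell, classify, list_service_only) are this example's own. The check it performs is the one chsh(1) and pam_shells make; sshd does not consult /etc/shells at all but simply execs the passwd shell with "-c command", so /bin/false still blocks "ssh user@host /bin/sh". Dovecot's PAM passdb likewise never looks at the shell field unless pam_shells is in the dovecot PAM service stack, which is why such accounts can still authenticate to IMAP/POP3.

```sh
#!/bin/sh
# Added example (not from the mailing-list thread or Dovecot): classify local
# accounts as "shell" (login shell listed in /etc/shells) or "service-only"
# (shell such as /bin/false or nologin that is not listed).
# SAMPLE_PASSWD and SAMPLE_SHELLS are constructed data standing in for
# /etc/passwd and /etc/shells so the script runs offline.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/false
carol:x:1003:1003::/home/carol:/usr/sbin/nologin
mailonly:x:1004:1004::/var/mail/mailonly:/bin/false'

SAMPLE_SHELLS='/bin/sh
/bin/bash
/bin/dash'

# shell_for USER PASSWD_DATA: print the login shell (7th field) for USER.
shell_for() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $7 }'
}

# is_login_shell SHELL SHELLS_DATA: succeed if SHELL appears verbatim in the
# shells list. This mirrors the chsh(1)/pam_shells check; sshd does not make
# it, it just execs the passwd shell, so /bin/false exits without running
# anything even for "ssh user@host /bin/sh" (run as "/bin/false -c /bin/sh").
is_login_shell() {
    printf '%s\n' "$2" | grep -qxF -- "$1"
}

# classify USER PASSWD_DATA SHELLS_DATA: print shell | service-only | unknown.
classify() {
    sh=$(shell_for "$1" "$2")
    if [ -z "$sh" ]; then
        echo unknown
    elif is_login_shell "$sh" "$3"; then
        echo shell
    else
        echo service-only
    fi
}

# list_service_only PASSWD_DATA SHELLS_DATA: one account name per line for
# every account whose shell is not in the shells list (the Dovecot-only users).
list_service_only() {
    printf '%s\n' "$1" | awk -F: '{ print $1 }' | while read -r u; do
        if [ "$(classify "$u" "$1" "$2")" = service-only ]; then
            echo "$u"
        fi
    done
}

# Usage: ./audit_shells.sh --demo   (against the constructed sample data)
if [ "${1:-}" = "--demo" ]; then
    list_service_only "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"
fi
```

On a real host, replace the two sample variables with "$(cat /etc/passwd)" and "$(cat /etc/shells)"; the output is the set of accounts that can authenticate through PAM-backed services such as Dovecot but cannot obtain an interactive shell, which is what the thread proposes as the middle ground between full system accounts and virtual users.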