On Thu, Aug 28, 2003 at 10:18:48AM +0300, Timo Sirainen wrote:
On Thu, 2003-08-28 at 10:01, Bob Hall wrote:
They don't have to have real accounts, just the uids have to be reserved for them. For example you could just decide that uids above 10000 are for virtual users in LDAP.
Since the UIDs don't correspond to actual system accounts, then I take it that there's no OS level security?
There is. With unix accounts I mean about having the user in /etc/passwd or equilevant. Kernel doesn't care about that, it only cares about the uids used for files and processes.
I thought that the OS used UIDs to associate files and processes with passwd accounts. So if you pass Dovecot a UID that doesn't correspond to the account that owns the mail files, then you don't get access to the mail files. For example, when I passed one account UID number to Dovecot, and the mail files were owned by another account, access was denied. Are you saying there's a work-around?
Bob Hall