From the documentation, virtual users seem like a good idea if you plan on having a lot of users. Although I'm wondering about the following:
What other benefits/consequences are there to using virtual over system users and vice versa?
Will virtual users have the same protection as system users (system users would use linux permissions, which is pretty secure)?
How easy will it be to switch from using system users to virtual users or vice versa?
Hello Gab,
well the most attractive feature of virtual users is ease of administration. Adding a new domain and user is a matter of adding a couple of text lines (if using simplest text-based user databases), mail users do not litter the system user space, you do not expose system access to mail-only users, you don't have to create and manage email-to-sysuser mapping, each user logins simply by his/her email address, mail storage is separated from system home dir, etc...
In fact it is more convenient and consistent to use virtual mailboxes even for system users (e.g. admin), just add an alias root -> user@domain.zz (Naturally system password and mail password are independent so they can be different for added security).
Of course in simplest form all virtual users use one system account but exploiting this would require circumventing Dovecot security which is pretty high. Also at most it would get access to other accounts' mail, not other system access.
Migration is really quite easy, actually I just created the virtual user infrastructure (postfix + dovecot) and then simply copied each Maildir directory from ~user/ to ~vmail/user@domain.zz/
Best wishes Eugene
-----Original Message----- From: Gab IIpop Sent: Thursday, July 11, 2013 5:31 PM To: dovecot@dovecot.org Subject: [Dovecot] (no subject)
From the documentation, virtual users seem like a good idea if you plan on having a lot of users. Although I'm wondering about the following:
What other benefits/consequences are there to using virtual over system users and vice versa?
Will virtual users have the same protection as system users (system users would use linux permissions, which is pretty secure)?
How easy will it be to switch from using system users to virtual users or vice versa?
participants (2)
-
Eugene
-
Gab IIpop