how do I conceptualize system & virtual users?
I guess this would be a common case, I am hoping for some final clarification.
a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticate users, and these LDAPs are also used by Samba, users start @ uid 1000. Boxes are in the same DNS and Samba domains.
Do I treat these users as system or virtual users from postfix/dovecot perspective? If it can be a matter of choice then which is better/best?
many thanks.
On Jun 19, 2015 9:08 AM, "lejeczek" peljasz@yahoo.co.uk wrote:
> I guess this would be a common case, I am hoping for some final clarification.
> a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticate users, and these LDAPs are also used by Samba, users start @ uid 1000. Boxes are in the same DNS and Samba domains.
> Do I treat these users as system or virtual users from postfix/dovecot perspective?
> If it can be a matter of choice then which is better/best?
I would make them virtual users. This way you can abstract and scale things up. Also your normal users then would not need to have access to your mail servers; they only access the services.
> many thanks.
On 19/06/15 15:13, Mauricio Tavares wrote:
> I would make them virtual users. This way you can abstract and scale things up. Also your normal users then would not need to have access to your mail servers; they only access the services.
>> many thanks.
it can be tricky for a beginner to define those; in the old days, when one said system users, one thought of OS dedicated accounts for daemons/services etc. In this team of postfix+dovecot, which one decides whether a user is canonical/system or virtual?
On Fri, 19 Jun 2015, lejeczek wrote:
> it can be tricky for a beginner to define those; in the old days, when one said system users, one thought of OS dedicated accounts for daemons/services etc. In this team of postfix+dovecot, which one decides whether a user is canonical/system or virtual?
Optimally installed, Dovecot provides the user information for Postfix.
Steffen Kaiser
On Fri, 19 Jun 2015, lejeczek wrote:
> a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticate users, and these LDAPs are also used by Samba, users start @ uid 1000. Boxes are in the same DNS and Samba domains.
> Do I treat these users as system or virtual users from postfix/dovecot perspective? If it can be a matter of choice then which is better/best?
I used system users, but because I use a dedicated mail server and I needed IMAP ACLs and sharing of mailboxes, I switched to virtual users.
Depending on security concerns virtual users are easier to manage, IMHO.
Steffen Kaiser
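As an added illustration of the setup the replies describe (virtual users authenticated against the existing LDAP, with Dovecot supplying the user information to Postfix), not configuration posted by anyone in the thread: a Dovecot 2.2/2.3-style fragment with the matching Postfix settings. The host names, DNs, file paths, the `vmail` account and the `/var/vmail` location are assumptions.

```conf
# --- /etc/dovecot/dovecot-ldap.conf.ext (assumed path; all values are placeholders) ---
uris = ldap://ldap1.example.org ldap://ldap2.example.org
# StartTLS to the directory
tls = yes
# Read-only lookup account used to find the user's entry
dn = cn=dovecot,ou=services,dc=example,dc=org
dnpass = CHANGE_ME
# Verify the password by binding as the user instead of reading the hash
auth_bind = yes
base = ou=People,dc=example,dc=org
pass_filter = (&(objectClass=posixAccount)(uid=%n))

# --- /etc/dovecot/conf.d/auth-ldap.conf.ext ---
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
# Virtual users: every mailbox is owned by one unprivileged account (vmail),
# so the LDAP uidNumber (1000+) and login shell never matter on the mail server
# and PAM/SSSD logins can stay disabled there.
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/vmail/%n
}

# --- /etc/dovecot/conf.d/10-master.conf: sockets Postfix talks to ---
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

# --- /etc/postfix/main.cf ---
# example.org must not also be listed in mydestination.
virtual_mailbox_domains = example.org
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
```

With `virtual_mailbox_maps` left unset, Postfix accepts every recipient in the domain and unknown users are only rejected at LMTP delivery; pointing it at an LDAP lookup table restores recipient checks at SMTP time.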
participants (3)
- lejeczek
- Mauricio Tavares
- Steffen Kaiser