[Dovecot] mail accounts for users without home dirs
Bob Hall
rjhjr at cox.net
Thu Aug 28 06:05:33 EEST 2003
On Thu, Aug 28, 2003 at 04:00:11AM +0300, Timo Sirainen wrote:
> On Thu, 2003-08-28 at 03:34, Alex Howansky wrote:
> > You can accomplish this with the static userdb:
> >
> > auth_userdb = static uid=210 gid=210 home=/var/mail/%d/%n
>
> Of course, I don't really suggest of using just one uid for everything..
> Preferrably each user should have separate one, or at least one for each
> domain or other group of users that "trust" each others.
Let's say you have one server box and 20 users. Only the admins have
accounts on the server box. Users can access mail only through the
mail servier, via port 143. This involves three types of Unix accounts:
root, human admins, and the non-human mail account that owns the
mail files and runs mail scripts. Use sudo to give the admins the
right to perform any necessary tasks that need the mail account, so
that the mail account password doesn't get passed around.
1) What are the security weaknesses?
2) How does having one UID differ from having one password that gives you
access to all the UIDs in the database?
3) How is this handled in settings with hundreds of users? Do they
create hundreds of Unix accounts?
Sorry about all the questions, but I'm trying to get a better
understanding of security.
Bob Hall
More information about the dovecot
mailing list