[Dovecot] mail accounts for users without home dirs

Timo Sirainen tss at iki.fi
Thu Aug 28 06:50:18 EEST 2003


On Thursday, Aug 28, 2003, at 06:05 Europe/Helsinki, Bob Hall wrote:

> Let's say you have one server box and 20 users. Only the admins have
> accounts on the server box. Users can access mail only through the
> mail server, via port 143. This involves three types of Unix accounts:
> root, human admins, and the non-human mail account that owns the
> mail files and runs mail scripts. Use sudo to give the admins the
> right to perform any necessary tasks that need the mail account, so
> that the mail account password doesn't get passed around.
> 1) What are the security weaknesses?

With shared uids the problem is that if there's a security hole in 
Dovecot, an attacker can access all the files that are owned by his uid. 
So different uids just provide operating system level security.

> 2) How does having one UID differ from having one password that gives
>    you access to all the UIDs in the database?

If you know the password, it doesn't differ. If you don't, but you 
could exploit a security hole in Dovecot, you then have access.

> 3) How is this handled in settings with hundreds of users? Do they
>    create hundreds of Unix accounts?

They don't have to have real accounts, just the uids have to be 
reserved for them. For example, you could just decide that uids above 
10000 are for virtual users in LDAP.
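An added example, not part of this thread or of Dovecot itself: a small Python model of the userdb policy described above, reserving uids from 10000 up for virtual users and reporting which uids would expose more than one mailbox to a compromised server process. All usernames, uid numbers and paths are constructed.

```python
from collections import defaultdict

FIRST_VALID_UID = 10000          # reserve uids >= 10000 for virtual users
LAST_VALID_UID = 65533
SHARED_MAIL_UID = 1001           # hypothetical uid of the non-human mail account

# Constructed records in the shape of LDAP posixAccount entries (not real data).
LDAP_RECORDS = [
    {"uid": "alice", "uidNumber": 10001, "homeDirectory": "/var/mail/virtual/alice"},
    {"uid": "bob",   "uidNumber": 10002, "homeDirectory": "/var/mail/virtual/bob"},
    {"uid": "carol", "uidNumber": 10001, "homeDirectory": "/var/mail/virtual/carol"},  # duplicate uid
    {"uid": "dave",  "uidNumber": 1001,  "homeDirectory": "/var/mail/virtual/dave"},   # shared mail uid
]


def lookup_user(username, records=LDAP_RECORDS):
    """Return the uid and home directory a mail process would drop to for
    this user, or None if the record violates the policy (uid outside the
    reserved virtual range, or equal to the shared mail account's uid)."""
    for rec in records:
        if rec["uid"] != username:
            continue
        uid = rec["uidNumber"]
        if uid == SHARED_MAIL_UID or not FIRST_VALID_UID <= uid <= LAST_VALID_UID:
            return None
        return {"uid": uid, "home": rec["homeDirectory"]}
    return None


def exposure(records=LDAP_RECORDS):
    """Map each uid used by more than one user to the users sharing it.
    A process running as such a uid, for example a mail server with a
    hole in it, could read every one of those users' mailboxes at once;
    an empty result means each uid isolates exactly one mailbox."""
    by_uid = defaultdict(set)
    for rec in records:
        by_uid[rec["uidNumber"]].add(rec["uid"])
    return {uid: sorted(users) for uid, users in by_uid.items() if len(users) > 1}


if __name__ == "__main__":
    print(lookup_user("alice"))   # accepted: distinct uid inside the range
    print(lookup_user("dave"))    # rejected: would run as the shared mail uid
    print(exposure())             # {10001: ['alice', 'carol']}
```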
