[Dovecot] Maildir owner importance

Timo Sirainen tss at iki.fi
Wed Dec 29 13:06:35 EET 2004


On Wed, 2004-12-29 at 12:55 +0300, Peter Clark wrote:
> On Tuesday 28 December 2004 23:40, Roi Efrati wrote:
> > Does the virtualmail user need to have a shell account? Do I have
> > to change the last_valid_uid/gid to the dovecot user or leave them on
> > the virtualmail user ?
>     No, and technically you don't even need a virtualmail user, just a uid and 
> gid. So, for instance, you could do this (so long as you were certain that 
> the numbers in question would never be used for a real user/group):
> 
> first_valid_uid = 5000
> last_valid_uid = 5000
> first_valid_gid = 5000
> last_valid_gid = 5000

first_valid_gid / last_valid_gid aren't really that important to change.
They are only extra checks to prevent accidental use of e.g. some daemon
accounts due to unset passwords. So if you are using only virtual users
and not /etc/passwd at all, it's rather useless to change them.

If you want to use 5000 UID, just make sure the userdb returns 5000 as
UID.

And there was talk about auth_user in this thread too. The most
important thing with it is that it must not be the same as login_user
(1.0-tests enforce this check). Other than that, it's better to be the
least privileged user that has access to passdb and userdb, but just
using root isn't that bad either.
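
The two checks discussed in this message, written as a small lint script. This is an added example, not part of the original message and not Dovecot code: the sample config, the passwd-file style userdb lines, and the names `parse_conf` and `check` are constructed for illustration, and a missing `first_valid_*` or `last_valid_*` setting is assumed to mean "no bound".

```python
# Added example: lint the settings discussed in this thread.
# SAMPLE_CONF and SAMPLE_USERDB are constructed inputs, not from the thread.
SAMPLE_CONF = """\
first_valid_uid = 5000
last_valid_uid = 5000
first_valid_gid = 5000
last_valid_gid = 5000
login_user = dovecot
auth_user = dovecot
"""

# passwd-file style lines: user:password:uid:gid:gecos:home:shell
SAMPLE_USERDB = """\
alice@example.org:{PLAIN}x:5000:5000::/var/vmail/alice::
bob@example.org:{PLAIN}x:2:5000::/var/vmail/bob::
"""

def parse_conf(text):
    """Parse flat 'key = value' lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check(conf_text, userdb_text):
    """Return a list of findings for the config and userdb entries."""
    conf = parse_conf(conf_text)
    findings = []
    # auth_user must not be the same as login_user.
    if conf.get("auth_user") and conf.get("auth_user") == conf.get("login_user"):
        findings.append("auth_user is the same as login_user")
    for line in userdb_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit() or not fields[3].isdigit():
            continue  # not a usable userdb entry
        user, ids = fields[0], {"uid": int(fields[2]), "gid": int(fields[3])}
        for kind, value in ids.items():
            # Assumption of this example: an unset bound means "no bound".
            lo = int(conf.get(f"first_valid_{kind}", 0))
            hi = int(conf.get(f"last_valid_{kind}", value))
            if not lo <= value <= hi:
                findings.append(f"{user}: {kind} {value} outside {lo}..{hi}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_CONF, SAMPLE_USERDB)))
```

On the constructed input it reports the shared `auth_user`/`login_user` and the entry whose UID 2 falls outside the 5000..5000 range, which is the kind of accidental daemon-account use the range settings exist to catch.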