Migrate system users to virtual users

deoren Dovecot-mailing-list at whyaskwhy.org
Thu Nov 13 19:34:29 UTC 2014

On 2014-11-13 12:29, Ron Leach wrote:
> List, good afternoon,
> We are at the planning stage of wanting to migrate from an existing
> installation onto a new machine, and also to change from system users
> to virtual users.  May I check that our ideas for user id are correct?
> I am not sure whether we will encounter a 'permissions' and 'user id'
> problem when moving from a system-user scheme to a virtual scheme.  We
> use Maildir, and the maildirs at the moment are in their users' linux
> /home directories.
> After reading the wiki, we think that the 'single system user for
> vmail' arrangement, ie just one system user to manage all the mail for
> all virtual users, will work for us.  I think that means that the
> permissions on all our existing 'system-user-oriented' maildirs will
> have to be changed (in the new machine) so that they are owned by the
> 'single-system-user', such as 'vmail'.
> One thought was to first copy the existing maildirs into the new
> virtual user file system tree, and then, second, change the owners and
> permissions on the maildirs and directories and messages to permit
> control by 'vmail'.  From the point of view of transferring all the
> mail files, is that all we would have to do?  (Of course, we would
> also have to create the virtual users and their passwords, and arrange
> the appropriate password lookups etc, but that's not the direct topic
> of this post.  And that arrangement has to be compatible with the MTA,
> as well.)

That is what I did with a system account that I migrated a few months 
back and it worked out well.

> If we do copy the maildirs and change the permissions, does all the
> metadata that the clients, or Dovecot, use to detect new, existing, or
> downloaded mail remain valid?  Or should we use a different approach?

Hopefully someone with more experience will chime in and answer the 
particulars re metadata, but I did just what you're talking about and 
didn't have any problems;  granted I was working with a test account 
with minimal data. I went from a setup like you described where I had 
/home/user/Maildir and migrated that content to 
/var/vmail/domain/user/Maildir and set the new system account as the 
user:group recursively. That setup has been working fine since. I 
initially made the mistake of leaving out the 'Maildir' subdirectory for 
the content, but after receiving some advice here on the list I 
corrected that mistake.

More information about the dovecot mailing list