Migrate system users to virtual users
Dovecot-mailing-list at whyaskwhy.org
Thu Nov 13 19:34:29 UTC 2014
On 2014-11-13 12:29, Ron Leach wrote:
> List, good afternoon,
> We are at the planning stage of wanting to migrate from an existing
> installation onto a new machine, and also to change from system users
> to virtual users. May I check that our ideas for user id are correct?
> I am not sure whether we will encounter a 'permissions' and 'user id'
> problem when moving from a system-user scheme to a virtual scheme. We
> use Maildir, and the maildirs at the moment are in their users' linux
> /home directories.
> After reading the wiki, we think that the 'single system user for
> vmail' arrangement, ie just one system user to manage all the mail for
> all virtual users, will work for us. I think that means that the
> permissions on all our existing 'system-user-oriented' maildirs will
> have to be changed (in the new machine) so that they are owned by the
> 'single-system-user', such as 'vmail'.
> One thought was to first copy the existing maildirs into the new
> virtual user file system tree, and then, second, change the owners and
> permissions on the maildirs and directories and messages to permit
> control by 'vmail'. From the point of view of transferring all the
> mail files, is that all we would have to do? (Of course, we would
> also have to create the virtual users and their passwords, and arrange
> the appropriate password lookups etc, but that's not the direct topic
> of this post. And that arrangement has to be compatible with the MTA,
> as well.)
That is what I did with a system account that I migrated a few months
back and it worked out well.
> If we do copy the maildirs and change the permissions, does all the
> metadata that the clients, or Dovecot, use to detect new, existing, or
> downloaded mail remain valid? Or should we use a different approach?
Hopefully someone with more experience will chime in and answer the
particulars re metadata, but I did just what you're talking about and
didn't have any problems; granted I was working with a test account
with minimal data. I went from a setup like you described where I had
/home/user/Maildir and migrated that content to
/var/vmail/domain/user/Maildir and set the new system account as the
user:group recursively. That setup has been working fine since. I
initially made the mistake of leaving out the 'Maildir' subdirectory for
the content, but after receiving some advice here on the list I
corrected that mistake.
More information about the dovecot