Date: Mon, 12 Apr 2004 23:41:58 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-isp@freebsd.org
Subject: Re: mail server recommendations?
Message-ID: <407B0D26.9060201@quip.cz>
In-Reply-To: <200404121527.46330.mjohnston@skyweb.ca>
References: <20040412173824.GC13343@bewilderbeast.blackhelicopters.org> <200404121301.41643.mjohnston@skyweb.ca> <407AF242.1020601@quip.cz> <200404121527.46330.mjohnston@skyweb.ca>
Mark Johnston wrote:
> Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
>> Hi, I am running a similar configuration on several machines (Postfix +
>> Courier-IMAP [with POP3ssl/IMAP4ssl] + MySQL). I have a question about
>> one general difference - unique UID / GID for each user. I guess it
>> provides more security, but also some troubles. If all virtual users
>> (stored in MySQL) have the same UID/GID, Postfix can be configured to create
>> maildirs itself with the first incoming message. If each user has a unique
>> UID, maildirs must be created manually (or from a shell script) and chowned
>> to UID/GID.
>
> Exactly - that's the tradeoff.
>
>> My question: "If all virtual users have the same UID/GID, is there some real
>> security risk?"
>
> Sharing UIDs and GIDs can have good or bad effects on security. On a server
> with no users logging in, like mine, it's moot; nobody (well, nobody who
> hasn't compromised the server) can get at the maildir storage on disk, so
> nobody (ditto) can play with the mailboxes. On a server where users do log
> in, you can go two routes:
>
> - Unique UIDs/GIDs. This makes things more convenient for the user, since
> they can use mail clients on the server and get right at their mail. If you
> want to have local mail clients work at all, you have to do this.
>
> - Shared UID/GID. In this case, the user can't get at their own maildir, and
> they'll have to use LDAP/POP3 over loopback to read their mail. It does make
> management easier, though.
>
> It sounds to me like you're working with a server where users don't log in,
> since you're using MySQL to manage user accounts. In that case, unique UIDs
> buy you essentially nothing.

Yes, I am the one and only who has a shell account (logging in via SSH); users
have FTP, POP3/IMAP/webmail, HTTP access and CVS (CVSd pserver through SSL
[stunnel]).

>> I'll be glad to read if the same UID/GID is secure or not, because I am
>> writing a web-based administration tool in PHP and the main problem is the
>> creation of maildirs for new accounts. The same UID/GID could solve my problem.
>
> The only time that unique UIDs and GIDs are useful is when the user will be
> logging in locally, so you can just look in /etc/passwd, find the user's UID,
> and create the maildir with that. If the user doesn't have a system account,
> you've got no reason to start making up UIDs to give them one; just share a
> single UID.
>
>> PS: sorry for my bad English and a little off-topic message
>
> Since you say "offtopic", I assume you intended this for the freebsd-isp list,
> instead of private mail. I've taken the liberty of including the list in the
> Cc again, since security advice like this shouldn't go unreviewed. :) You
> might also want to move this thread to freebsd-security@freebsd.org, to reach
> people with more security know-how.

I am sorry for my mistake, I really intended this for the freebsd-isp list and
I'll send it to freebsd-security too. Thank you for your opinion.

>> PPS: I'll publish the web-based administration tool on sourceforge.net after
>> completion

One more question - does anybody know some web-based administration tools for
email accounts of Postfix virtual users in MySQL/PgSQL? (I started writing my
own, but I am still interested in a comparison with other tools.)

-- 
Miroslav Lachman
Web Application Developer
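The maildir creation step the thread is debating, as an added example that is not code from either poster: a POSIX shell function that builds the Maildir tree (cur/new/tmp) with owner-only permissions and, when a UID and GID are supplied, hands the tree to that per-user owner, plus a check that no group/other bits are set. The `/var/mail/vhosts/...` path in the usage comment is an assumed placeholder, not a path from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): create a Maildir for a virtual user.
# With a shared UID, call it without owner arguments; with per-user UIDs,
# pass the UID and GID and run it as root so chown succeeds.
# Usage: make_maildir /var/mail/vhosts/example.org/user [UID GID]
set -u

make_maildir() {
    dir=$1
    uid=${2:-}
    gid=${3:-}
    # Maildir needs the three subdirectories; mode 0700 keeps other local
    # accounts out even when they share a group with the mail owner.
    for sub in cur new tmp; do
        mkdir -p -m 0700 "$dir/$sub" || return 1
    done
    # Parent directories created by mkdir -p get the umask default, so set
    # the maildir root explicitly.
    chmod 0700 "$dir" || return 1
    # Per-user ownership only when a UID/GID was supplied (requires root).
    if [ -n "$uid" ] && [ -n "$gid" ]; then
        chown -R "$uid:$gid" "$dir" || return 1
    fi
    return 0
}

# Returns 0 when the directory grants no group/other permissions, i.e. only
# its owner (the shared UID or the per-user UID) can read the mailbox.
maildir_is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}
```

Run `make_maildir` from whatever provisions accounts (a cron job reading the MySQL table, or the admin tool itself) and call `maildir_is_private` afterwards as a sanity check; with a shared UID the mode bits are the only thing separating one mailbox from another, so a maildir that fails the check is worth flagging.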