Re: Does cyrus user need a shell?
Another data point: on my development/testing setup, the cyrus user's shell is /bin/false. I'm not sure what the practical difference is, if any, between this and nologin.

I get no issues with this for conventional use. But for post-hoc debugging/examining state/etc, I often want a working shell as the cyrus user, and for that I use this:

https://github.com/elliefm/cyrus-build-tools/blob/master/cyrus-shell

Cheers,

ellie

On Wed, Feb 8, 2017, at 02:45 AM, Ondřej Surý via Cyrus-devel wrote:
> Hi,
>
> a recent Debian bug sparked a discussion whether cyrus (or other user
> cyrus-imapd runs as) needs a shell? Debian packages create a cyrus user
> with disabled password, but nologin shell would add another layer on top
> of that.
>
> Cheers,
> --
> Ondřej Surý
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
> fast DNS(SEC) resolver
> Vše pro chleba (https://vseprochleba.cz) – Flours from the mill and
> supplies for baking bread of all kinds
Re: Does cyrus user need a shell?
> they don't need one for running the Cyrus stuff.

I realise I answered a slightly different question than you asked: "one" being an account, when you were asking about the shell. But the same answer holds true: since nothing is run in the context of the user, they don't need a shell.

g
Re: Does cyrus user need a shell?
> whether cyrus (or other user cyrus-imapd runs as) needs a shell?

We run multiple servers, with tens of thousands of users' mailboxes on each, and there are only a few user accounts on the servers. Those are the admins.

So the answer is no, they don't need one for running the Cyrus stuff.

There might be other reasons that force it though, such as authentication. We use Kerberos (via PAM) to authenticate to a Microsoft server. We have an option in krb5.conf to allow authentication to succeed without there being a local account (I think it's verify_ap_req_nofail = false). If you need a locally stored password or whatever, you might need user accounts.

g
Does cyrus user need a shell?
Hi,

a recent Debian bug sparked a discussion whether cyrus (or other user cyrus-imapd runs as) needs a shell? Debian packages create a cyrus user with disabled password, but nologin shell would add another layer on top of that.

Cheers,
--
Ondřej Surý
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Flours from the mill and supplies for baking bread of all kinds
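
The two layers raised in this thread (a disabled password and a non-login shell such as nologin or /bin/false), checked separately for a service account. This is an added example, not part of any message above and not code from the Cyrus or Debian projects; the passwd and shadow entries, the account names other than cyrus, and the function names are all constructed for illustration.

```shell
#!/bin/sh
# shell_layer PASSWD_FILE USER -> "no-login", "login" or "missing"
shell_layer() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            # An empty shell field means /bin/sh, so it counts as a login shell.
            if ($7 ~ /\/(nologin|false)$/) print "no-login"; else print "login"
            exit
        }
        END { if (!found) print "missing" }' "$1"
}

# password_layer SHADOW_FILE USER -> "locked", "empty", "set" or "missing"
password_layer() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 ~ /^[!*]/) print "locked"      # no hash can ever match
            else if ($2 == "") print "empty"      # no password required at all
            else print "set"
            exit
        }
        END { if (!found) print "missing" }' "$1"
}

# audit_account USER PASSWD_FILE SHADOW_FILE -> one summary line
audit_account() {
    printf '%s: password=%s shell=%s\n' "$1" \
        "$(password_layer "$3" "$1")" "$(shell_layer "$2" "$1")"
}

# Constructed sample data; point the functions at /etc/passwd and
# /etc/shadow (as root) to check a real system.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
cyrus:x:107:8:constructed entry:/var/spool/cyrus:/usr/sbin/nologin
cyrus-old:x:108:8:constructed entry:/var/spool/cyrus:/bin/sh
cyrus-dev:x:109:8:constructed entry:/var/spool/cyrus:/bin/false
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
cyrus:!:17205:0:99999:7:::
cyrus-old:*:17205:0:99999:7:::
cyrus-dev:!:17205:0:99999:7:::
EOF

for u in cyrus cyrus-old cyrus-dev; do
    audit_account "$u" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
done
```

An account reported as `password=locked shell=login` has only the first layer in place; `shell=no-login` covers both nologin and /bin/false.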