Re: Does cyrus user need a shell?

2017-02-07 Thread ellie timoney via Cyrus-devel
Another data point: on my development/testing setup, the cyrus user's
shell is /bin/false.  I'm not sure what the practical difference is, if
any, between this and nologin.  I get no issues with this for
conventional use.

But for post-hoc debugging/examining state/etc, I often want a working
shell as the cyrus user, and for that I use this:
https://github.com/elliefm/cyrus-build-tools/blob/master/cyrus-shell

Cheers,

ellie

On Wed, Feb 8, 2017, at 02:45 AM, Ondřej Surý via Cyrus-devel wrote:
> Hi,
> 
> a recent Debian bug sparked a discussion whether cyrus (or other user
> cyrus-imapd runs as) needs a shell? Debian packages create a cyrus user
> with disabled password, but nologin shell would add another layer on top
> of that.
> 
> Cheers,
> -- 
> Ondřej Surý 
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
> fast DNS(SEC) resolver
> Vše pro chleba (https://vseprochleba.cz) – Flour from the mill and supplies for
> baking all kinds of bread


Re: Does cyrus user need a shell?

2017-02-07 Thread Giles Malet via Cyrus-devel
> they don't need one for running the Cyrus stuff.

I realise I answered a slightly different question than you asked: "one" being 
an account, when you were asking about the shell. But the same answer holds 
true: since nothing is run in the context of the user, they don't need a shell.

g


Re: Does cyrus user need a shell?

2017-02-07 Thread Giles Malet via Cyrus-devel
> whether cyrus (or other user cyrus-imapd runs as) needs a shell?

We run multiple servers, with tens of thousands of users' mailboxes on each, 
and there are only a few user accounts on the servers. Those are the admins. So 
the answer is no, they don't need one for running the Cyrus stuff. There might 
be other reasons that force it though, such as authentication.

We use Kerberos (via PAM) to authenticate to a Microsoft server. We have an 
option in krb5.conf to allow authentication to succeed without there being a 
local account (I think it's verify_ap_req_nofail = false). If you need a 
locally stored password or whatever, you might need user accounts.

g


Does cyrus user need a shell?

2017-02-07 Thread Ondřej Surý via Cyrus-devel
Hi,

a recent Debian bug sparked a discussion whether cyrus (or other user
cyrus-imapd runs as) needs a shell? Debian packages create a cyrus user
with disabled password, but nologin shell would add another layer on top
of that.

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Flour from the mill and supplies for
baking all kinds of bread
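
An added example (not written by any poster in this thread and not part of Cyrus or the Debian packaging): a shell check of the two layers the thread discusses, a locked password and a non-login shell, run over constructed passwd(5)/shadow(5) entries. The function names `make_samples` and `audit_account` and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report, for one account, whether the password is locked
# and whether the login shell is non-interactive (nologin or false).

# Constructed sample data in passwd(5)/shadow(5) format, not from a real host.
make_samples() {
    dir=$1
    cat > "$dir/passwd" <<'EOF'
cyrus:x:110:8:constructed entry:/var/spool/cyrus:/bin/sh
cyrus2:x:111:8:constructed entry:/var/spool/cyrus:/usr/sbin/nologin
cyrus3:x:112:8:constructed entry:/var/spool/cyrus:/bin/false
EOF
    cat > "$dir/shadow" <<'EOF'
cyrus:!:17204:0:99999:7:::
cyrus2:*:17204:0:99999:7:::
cyrus3:$6$constructed$notarealhash:17204:0:99999:7:::
EOF
}

# audit_account USER PASSWD_FILE SHADOW_FILE
# Prints "USER password=<state> shell=<state>"; returns 1 if USER is absent.
audit_account() {
    user=$1 passwd_file=$2 shadow_file=$3
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd_file")
    [ -n "$entry" ] || { echo "$user: no such account" >&2; return 1; }
    shell=${entry##*:}                      # last field is the login shell
    hash=$(awk -F: -v u="$user" '$1 == u { print $2; f = 1 }
                                 END { if (!f) print "?" }' "$shadow_file")
    case $hash in
        '?')       pw=unknown ;;            # no shadow entry found
        '!'*|'*'*) pw=locked ;;             # cannot match any password
        '')        pw=empty ;;              # no password required
        *)         pw=usable ;;
    esac
    case $shell in
        */nologin|*/false) sh=noninteractive ;;
        '')                sh=default ;;    # empty field falls back to /bin/sh
        *)                 sh=interactive ;;
    esac
    echo "$user password=$pw shell=$sh"
}

# Demo on the constructed data.
tmp=$(mktemp -d) && make_samples "$tmp"
for u in cyrus cyrus2 cyrus3; do
    audit_account "$u" "$tmp/passwd" "$tmp/shadow"
done
rm -rf "$tmp"
```

On a real host the same function can be pointed at /etc/passwd and /etc/shadow (the latter needs root to read).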