Re: how do I conceptualize system & virtual users?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 19 Jun 2015, lejeczek wrote: On 19/06/15 15:13, Mauricio Tavares wrote: On Jun 19, 2015 9:08 AM, "lejeczek" wrote: I guess this would be a common case, I am hoping for some final clarification. a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticated users, and these LDAPs are also is used by Samba, users start @ uid 1000. Boxes are in the same both DNS and Samba domains. Do I treat these users as system or virtual users from postfix/dovecot perspective? If it can be a matter of choice then which is better/best? I would make them virtual users. This way you can abstract and scale things up. Also your normal users then would not need to have access to your mail servers; they only access the services. many thanks. it can be a tricky for beginner to define those, in old days when one said system users thought of OS dedicated accounts for daemons/services etc. In this team of postfix+dovecot, which one decides whether user is canonical/system or virtual? Optimally installed, Dovecot provides the user information for Postfix. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEVAwUBVYeou3z1H7kL/d9rAQIYqQgAy3FuDLPOn0jvmk6Iua31gSLlL40ghAwB TxBCVQGsjrnvQF3k3hXtSwopsR9A6jA0ccbUiqHWA7SBUlCHG+ijgOMneEmuaVKa 9bUavKU7SFfRMnCt4VcoSoEodB5g3e7INQyE8dxZ9bWwsshpuHaD/0YUajUtc8/Q ewhq7U+UGW/VoVCOvJ7SYl9uZ5o8VMZacbngHHA6xN0soeoi+kFCkUjM5iMVWIOw UzitYvHUCT5TxVtmGF3ynYFtByXzw7dKAoNc0KFZUs5z9h2kBxBhFuCti1tHz9I6 73bPdulAnc/NMgd9HYCpK662mqRsYK406Cbmfqb/1x7Rjm1PmoDYXA== =IogP -END PGP SIGNATURE-
Re: how do I conceptualize system & virtual users?
On 19/06/15 15:13, Mauricio Tavares wrote: On Jun 19, 2015 9:08 AM, "lejeczek" wrote: I guess this would be a common case, I am hoping for some final clarification. a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticated users, and these LDAPs are also is used by Samba, users start @ uid 1000. Boxes are in the same both DNS and Samba domains. Do I treat these users as system or virtual users from postfix/dovecot perspective? If it can be a matter of choice then which is better/best? I would make them virtual users. This way you can abstract and scale things up. Also your normal users then would not need to have access to your mail servers; they only access the services. many thanks. it can be a tricky for beginner to define those, in old days when one said system users thought of OS dedicated accounts for daemons/services etc. In this team of postfix+dovecot, which one decides whether user is canonical/system or virtual?
Re: how do I conceptualize system & virtual users?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 19 Jun 2015, lejeczek wrote: a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticated users, and these LDAPs are also is used by Samba, users start @ uid 1000. Boxes are in the same both DNS and Samba domains. Do I treat these users as system or virtual users from postfix/dovecot perspective? If it can be a matter of choice then which is better/best? I used system users, but because I use a dedicated mail server and I needed IMAP ACLs and sharing of mailboxes, I switched to virtual users. Depending on security concerns virtual users are easier to manage, IMHO. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEVAwUBVYQkunz1H7kL/d9rAQL0DAf/f4syrrjKjDZxbyIE4f6QRI+NA3yMNwr/ uxpJbZUwo2K8NLlSiez96rsOJ1kSuF0ZL8/wjFZByIfrppO2oXFodCaNdkXcDB6H G4fkR0NcKgbKikO0ADpruHGcwiDD7q/jNLpNL96TgDZMnzq+6JNcG7eUfGAt+PKP GURIEtOoq0pqlU3kfylcEjju1ybczvLgXAA6w+pa7saIoWnGy+X/4CUy6i2KwBqZ SHB4fAZT5k0pIHeB7MMt+PoGSgT28ddAGlJWizLLkck6MADlhGZGK4vT4gbLgt/g 9XaxUg30Q+VfSJS+jxiiowlcmw3BPUCTJzj6BoYRaWwK/DWakg2CsA== =3g4i -END PGP SIGNATURE-
Re: how do I conceptualize system & virtual users?
On Jun 19, 2015 9:08 AM, "lejeczek" wrote: > > I guess this would be a common case, I am hoping for some final clarification. > > a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticated users, and these LDAPs are also is used by Samba, users start @ uid 1000. > Boxes are in the same both DNS and Samba domains. > > Do I treat these users as system or virtual users from postfix/dovecot perspective? > If it can be a matter of choice then which is better/best? > I would make them virtual users. This way you can abstract and scale things up. Also your normal users then would not need to have access to your mail servers; they only access the services. > many thanks.
how do I conceptualize system & virtual users?
I guess this would be a common case, I am hoping for some final clarification. a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticated users, and these LDAPs are also is used by Samba, users start @ uid 1000. Boxes are in the same both DNS and Samba domains. Do I treat these users as system or virtual users from postfix/dovecot perspective? If it can be a matter of choice then which is better/best? many thanks.