fwd: mail server recommendations?

Miroslav Lachman 000.fbsd at quip.cz
Mon Apr 12 15:00:19 PDT 2004 

Hi
I am re-sending this message to this list, because freebsd-security list 
could be more suitable for my question about UID / GID settings of 
Postfix virtual users accounts.

in one sentence: "If all virtual users have same UID/GID, is there some 
real security risk?"

Thank You and I am sorry for my bad english


==================================
original message from freebsd-isp:


Mark Johnston wrote:

 > Miroslav Lachman <000.fbsd at quip.cz> wrote:
 >
 >> Hi, I am running similar configuration on several machines (Postfix +
 >> Courier-IMAP [with POP3ssl/IMAP4ssl] + MySQL). I have a guestion about
 >> one general difference - unique UID / GID for each user. I guess it
 >> provide more security, but also some troubles. If all virtual users
 >> (stored in MySQL) have same UID/GID, postfix can be configured to create
 >> maildirs itself with first incoming message. If each user has unique
 >> UID, maildirs must be created manualy (or from shellscript) and chowned
 >> to UID/GID.
 >
 >
 >
 > Exactly - that's the tradeoff.
 >
 >
 >> My question: "If all virtual users have same UID/GID, is there some real
 >> security risk?".
 >
 >
 >
 > Sharing UIDs and GIDs can have good or bad effects on security.  On a 
server with no users logging in, like mine, it's moot; nobody (well, 
nobody who hasn't compromised the server) can get at the maildir storage 
on disk, so nobody (ditto) can play with the mailboxes.  On a server 
where users do log in, you can go two routes:
 >
 > - Unique UIDs/GIDs.  This makes things more convenient for the user, 
since they can use mail clients on the server and get right at their 
mail.  If you want to have local mail clients work at all, you have to 
do this.
 >
 > - Shared UID/GID.  In this case, the user can't get at their own 
maildir, and they'll have to use LDAP/POP3 over loopback to read their 
mail.  It does make management easier, though.
 >
 > It sounds to me like you're working with a server where users don't 
log in, since you're using MySQL to manage user accounts.  In that case, 
unique UIDs buy you essentially nothing.
 >

Yes, I am one and only who has shell account (logging via SSH), users 
have FTP, POP3/IMAP/webmail, HTTP access and CVS (CVSd pserver throught 
SSL [stunnel])

 >
 >> I'll be glad to read if same UID/GID is secure or not, because I am
 >> writing webbased administration tool in PHP and main problem is creation
 >> of maildirs for new accounts. Same UID/GID could solve my problem.
 >
 >
 >
 > The only time that unique UIDs and GIDs are useful is when the user 
will be logging in locally, so you can just look in /etc/passwd, find 
the user's UID, and create the maildir with that.  If the user doesn't 
have a system account, you've got no reason to start making up UIDs to 
give them one; just share a single UID.
 >
 >
 >> PS: sorry for my bad english and a little offtopic message
 >
 >
 >
 > Since you say "offtopic", I assume you intended this for the 
freebsd-isp list, instead of private mail.  I've taken the liberty of 
including the list in the Cc again, since security advice like this 
shouldn't go unreviewed.  :)  You might also want to move this thread to 
freebsd-security at freebsd.org, to reach people with more security know-how.
 >

I am sorry for my mistake, I really intended this for freebsd-isp list 
and I'll send it to freebsd-security too.

Thank you for your opinion.

 >
 >> PPS: I'll publish webbased administration tool on sourceforge.net after
 >> completition
 >
 >
 >

One more question - does anybody know some webbased administration tools 
for email accounts of postfix virtual users in MySQL/PgSQL? (I started 
writing my own, but I am still interested in comparison with other tools)


-- 
Miroslav Lachman
Webapplication Developer

More information about the freebsd-security mailing list