Carlos Williams wrote, at 07/31/2008 09:48 AM:
I was speaking with someone about Postfix and they suggested I use "virtual" mailboxes rather than system accounts for mailboxes. They indicated there is no point in utilzing UID's for mailusers and system accounts simply for Postfix however there appears to be hundreds / thousands of available UID / GID in the pool. Do you guys / girls see a benefit in this methodology or even understand the theory mentioned? I have only 300 users on my server and they all have their own /home/user directory w/ Maildir style Inboxes. No since this is the only function of this machine (email / Postfix), they never login and all are set to /bin/nologin.
I never liked the idea of creating system users just for email, although I did it for years. Even with unusable login shells, home directories can get pretty untidy and challenging to back up for mail purposes (although Maildir does help a bit, here). I wanted to both eliminate unnecessary system users and support additional authentication mechanisms in a unified way, so I switched to a Postfix/Cyrus IMAPd combination, using Cyrus SASL for authentication. It's not as easy as 'adduser bob', but it compartmentalizes things in a way that fits my brain better. I wish I could find something similar for FTP (none of the daemons I like seem to support Cyrus SASL).
