On Wed, 26 Nov 2003 18:04:04 +0000
Chris Newport <me@see-my-sig.invalid> wrote:

> On Wednesday 26 November 2003 2:09 pm in comp.sys.sun.admin Stefaan A
> Eeckels wrote:
>
> > Nowadays, having to create
> > users for the purpose of hosting a mailbox or allowing
> > a file transfer is a security risk. One could make a
> > solid case in favour of an SMTP/POP3/IMAP server that only
> > uses "aliases" for the purpose of accepting and delivering
> > email, and a single system user for all the file system
> > activity.
>
> Indeed, there are some fancy packages which will do this.
> For small systems it is easier and cheaper to set the user's
> shell to /bin/false

Indeed. Still, it's amazing that modern MTAs such as
Postfix do not have the option of running "userless".

--
Stefaan
--
"What is stated clearly conceives easily." -- Inspired sales droid

On Thu, 27 Nov 2003 18:37:01 +0100, Stefaan A Eeckels
<tengo@DELETEMEecc.lu> wrote:

> Indeed. Still, it's amazing that modern MTAs such as
> Postfix do not have the option of running "userless".

Postfix does not require shell accounts for mailboxes. The requirement
for such comes from the MDA. Depending on which delivery agent is used,
it is entirely possible to run completely virtual users.

--
Devin L. Ganger <devin@thecabal.org>
"Aikido is based around the central precept of letting an attack take
its natural course. You, of course, don't want to impede that natural
flow by being in its way." -- overheard on the PyraMOO