Steve Platt
2012-Feb-28 17:45 UTC
[Dovecot] migrating/converting from system users -> virtual users
Hello all,

We currently have a traditional mail server where all users have system accounts (i.e. entries in the NIS passwd map) and mbox-format mail folders in their (system) home directories.

I'm trying to set up a dovecot server in which we want all users to have "virtual" accounts (in dovecot) and no entry in the passwd file at all (i.e. no access to the mail server). This is for security reasons, we want to imagine that users connecting to the mail server in future will not be able to access any resources on the server other than access their email messages. To this end we've set up a "vmail" user that owns all the messages in the Maildir directories.

Most of this is working but I'm stuck on how to convert users' mail folders from the existing setup to the new one. I'm using the convert plugin but of course the problem is that the plugin executes as the "vmail" user and cannot access the existing mail folders that belong to the users: and I'd be worried if it could, of course!

So I've converted a few users already by making copies of their old-world mailboxes, changing the ownership of the copies and pointing the convert plugin to these copies, instead of the originals. This works (modulo the dreaded "timeouted" error messages) but is very ugly.

So I tried looking at the convert-tool but can't find a man page for it so am not sure what I'm doing with it!

I have the idea that I should be able to run some command (as a privileged user) on the mail server and have it do the conversion for me, changing the ownership/permissions on the way.

Can convert-tool do this?

I'd prefer to go with the automatic (plugin) conversion if I can bodge the ownership issues somehow. Failing that, some tool or script may be the next best answer.

This is Dovecot 1.2 by the way on Solaris 10.

Any suggestions would be welcome!

Steve Platt
Timo Sirainen
2012-Mar-04 13:36 UTC
[Dovecot] migrating/converting from system users -> virtual users
On 28.2.2012, at 19.45, Steve Platt wrote:

> Most of this is working but I'm stuck on how to convert users' mail folders
> from the existing setup to the new one. I'm using the convert plugin but of
> course the problem is that the plugin executes as the "vmail" user and cannot
> access the existing mail folders that belong to the users: and I'd be worried
> if it could, of course!

Convert plugin also has some other problems.

> I have the idea that I should be able to run some command (as a privileged
> user) on the mail server and have it do the conversion for me, changing the
> ownership/permissions on the way.
>
> Can convert-tool do this?

Possibly, but I remember it had some problems. The best solution would be to use Dovecot v2.0's dsync. Also you can use one of the scripts in http://wiki2.dovecot.org/Migration/MailFormat such as mb2md.

> I'd prefer to go with the automatic (plugin) conversion if I can bodge the
> ownership issues somehow. Failing that, some tool or script may be the next
> best answer.

You could set mail_drop_priv_before_exec=yes, mail_access_groups=vmail and chgrp vmail, chmod g+rw the old mailboxes.
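
Added example, not part of the thread and not Dovecot code: a shell helper for the "chgrp vmail, chmod g+rw the old mailboxes" step in the reply above. The function name `grant_group_access` and the symlink and hard-link checks are assumptions added here, because the old mbox files live in directories their owners can write to and the step runs as a privileged user.

```shell
#!/bin/sh
# Hypothetical helper (added example): give GROUP read/write access to
# existing mbox files, i.e. "chgrp vmail, chmod g+rw" from the reply above.
#
# Usage:   grant_group_access GROUP FILE...
# Returns: number of files that were skipped or failed (0 = all changed).
#
# The checks below are not atomic with the chgrp/chmod that follow, so run
# this while the owners cannot modify the directories.
grant_group_access() {
    group=$1
    shift
    skipped=0
    for f in "$@"; do
        # A symlink planted in a user-writable directory would redirect a
        # privileged chgrp/chmod to another file; accept regular files only.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "skip (not a regular file): $f" >&2
            skipped=$((skipped + 1))
            continue
        fi
        # A second hard link means the same inode is reachable under another
        # name, so the permission change would apply there as well.
        links=$(ls -ln -- "$f" | awk '{print $2}')
        if [ "$links" -ne 1 ]; then
            echo "skip (link count $links): $f" >&2
            skipped=$((skipped + 1))
            continue
        fi
        # Only the group bits change; "other" permissions are left alone.
        if chgrp -- "$group" "$f" && chmod g+rw -- "$f"; then
            echo "ok: $f"
        else
            echo "failed: $f" >&2
            skipped=$((skipped + 1))
        fi
    done
    return "$skipped"
}
```
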