Michal Petrucha
2015-Dec-12 00:08 UTC
System-user-controllable custom passwords and mail locations
Hello everyone,

I'd like to set up dovecot so that it uses the standard system accounts, but with different passwords specific to email. Seems like a fairly common setup, but the catch is, I want the users to be able to set their passwords themselves, without needing any assistance from a server administrator. I'm wondering what's the easiest way of implementing this.

From what I've understood, this requirement would probably rule out a separate passwd-file (since the standard Linux passwd doesn't seem to support using a custom passwd file), SQL, flat-file dict, and Redis (since you can't give users access only to their row, or dict key; it's either the entire database (or flat file), or nothing). (Of course, I could work around that limitation by writing a C program that I would install as SUID root, which would only change the invoking user's password, but I'd prefer not to start dumping arbitrary SUID binaries all over the place.)

So, that would probably only leave me with LDAP, checkpassword, and the FS dict backend.

I can imagine how I could get LDAP to do this -- add some extra attribute for each user, and put together a simple script to change passwords, say, in Python, that would bind as the user and write the new password. However, this would require me to store the system user account database in LDAP, which is kind of overkill on at least one of the servers I want this setup on, where I know for certain that there won't ever be more than a handful of users.

Checkpassword would probably work, too; perhaps by looking into some file in the user's $HOME or such. I'm not entirely certain about the security, or performance implications of that approach.

With the FS dict backend, I could probably point it to a directory, in which every user would own a file containing their password, that no one else could write to. I haven't been able to find any more details about the structure of this directory hierarchy, though, or the contents of the individual files, so I don't know whether this is a viable approach, or not.

My questions are, then:
Is there some other way of implementing separate passwords that the users can set themselves that I'm overlooking?
Is one of the three approaches described above a bad idea for some reason I don't see?
Is there some kind of "standard solution" to this problem?

The other thing I wanted to ask about is marginally related; I'd like to be able to allow users to customize the layout in which they store their mail. For instance, some users like to have their INBOX as an mbox in /var/mail, and other maildirs in ~/Maildirs/, others prefer having everything as a mix of maildirs and mboxes in ~/mail, etc. Looking at the MailLocation wiki page, it seems like the only option, if I want to customize the location per user, is to set it in the userdb, but since we only have system users everywhere, it seems we have to use the passwd userdb, which doesn't support this kind of per-user customization (even on servers where PAM/NSS are configured to use LDAP). Again, am I overlooking something here? Is there nothing similar to ~/.imaprc, which is supported by certain versions of some other IMAP servers?

Thanks in advance for any insights,
Michal
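The checkpassword variant sketched in the message (a per-user file in $HOME), as an added example that is not part of the original post or of Dovecot itself: a Python checkpassword script that verifies a salted hash stored in a file the user owns, refusing the file unless it is a regular file owned by that user and writable by nobody else. The file name `.mailpass`, the record format and the function names are assumptions; it relies on Dovecot's documented checkpassword interface (credentials on fd 3, the reply binary passed as argv[1], exit status 1 for a failed login) and on the script running with enough privilege to read the user's file.

```python
# Hypothetical per-user layout (assumed, not from the thread): ~/.mailpass holds one
# line "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>", never the password itself.
import hashlib, hmac, os, pwd, stat, sys

PASSFILE = ".mailpass"  # hypothetical file name

def make_record(password: str, salt: bytes, iterations: int = 200_000) -> str:
    """What the user's own password-setting tool writes into the file."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_record(record: str, password: str) -> bool:
    """Recompute the hash and compare in constant time; a malformed record fails closed."""
    try:
        algo, iters, salt_hex, hash_hex = record.strip().split("$")
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
        return algo == "pbkdf2_sha256" and hmac.compare_digest(digest.hex(), hash_hex)
    except (ValueError, TypeError):  # bad field count, bad hex, iterations < 1, non-ASCII
        return False

def file_is_trusted(path: str, uid: int) -> bool:
    """Only a regular file (no symlink) owned by the user and writable by nobody else."""
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode) and st.st_uid == uid
            and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def check(user: str, password: str) -> bool:
    """One login attempt: unknown user, untrusted file and wrong password all fail."""
    try:
        pw = pwd.getpwnam(user)
        path = os.path.join(pw.pw_dir, PASSFILE)
        if not file_is_trusted(path, pw.pw_uid):
            return False
        with open(path, encoding="utf-8") as fh:
            return verify_record(fh.readline(), password)
    except (KeyError, OSError):  # unknown user or missing/unreadable file: fail closed
        return False

def main() -> None:
    # Dovecot passes "user\0password\0..." on fd 3 and its checkpassword-reply binary as argv[1].
    fields = os.fdopen(3, "rb").read().split(b"\0")
    user, password = fields[0].decode(), fields[1].decode()
    if not check(user, password):
        sys.exit(1)  # exit 1 = authentication failed
    os.environ["USER"], os.environ["HOME"] = user, pwd.getpwnam(user).pw_dir
    os.execv(sys.argv[1], [sys.argv[1]])  # success is signalled by exec'ing the reply binary

if __name__ == "__main__":
    main()
```

The ownership and mode checks are what make the per-user file idea safe to run from a privileged auth process: a user can only ever affect their own login, and a world-writable or symlinked file is rejected rather than trusted.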