Another data point: on my development/testing setup, the cyrus user's shell is /bin/false. I'm not sure what the practical difference is, if any, between this and nologin. I get no issues with this for conventional use.
But for post-hoc debugging/examining state/etc, I often want a working shell as the cyrus user, and for that I use this: https://github.com/elliefm/cyrus-build-tools/blob/master/cyrus-shell Cheers, ellie On Wed, Feb 8, 2017, at 02:45 AM, Ondřej Surý via Cyrus-devel wrote: > Hi, > > a recent Debian bug sparkled a discussion whether cyrus (or other user > cyrus-imapd runs as) need a shell? Debian packages create a cyrus user > with disabled password, but nologin shell would add another layer on top > of that. > > Cheers, > -- > Ondřej Surý <ond...@sury.org> > Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server > Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, > fast DNS(SEC) resolver > Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro > pečení chleba všeho druhu
