I think that we may be talking past each other here; I hope that this
message clarifies things a bit. If not, please feel free to ask about
what confuses you.

On Wed, 8 Nov 2006, Brian Thompson wrote:
> I think we're on the same page...but the home directory issue
> deserves some clarification. It's more of an administration issue than
> a technical issue. The primary home directories are distributed via
> NFS and there's significant effort that goes into maintaining a home
> directory environment (.login, .cshrc, etc...) that works well across
> all of the application servers for all users and all applications.

But, if the box is dedicated for IMAP, then there is no need for .login,
.cshrc, etc. In fact, you probably want to set the shells for most users
to be /dev/null -- only sysadmins should need to be able to log in to the
IMAP server.

> Making the home directories local to the email server would mean
> creating a new secondary/local/non-NFS home directory for all of
> the users (home directory creation and permission maintenance).

Yes, but isn't that what you want?

Even with a separate set of directories that aren't home directories, you
still have all the directory creation and permission maintenance issues.
Unlike Cyrus (which creates its own sandbox), UW imapd depends upon the
kernel for access control.

> Also having to maintain a second set of dot files separate from the
> primary NFS home directory in use by the rest of the application
> servers. In short, that's additional administrative overhead that isn't
> really necessary.

I don't see the additional administrative overhead, unless you choose to
have a disjoint set of IMAP and shell users. [You may want to do that;
that is, have some set of users who are IMAP-only. But that's your
choice.]

There's no second set of dot-files because there are no dot-files (other
than imapd's own .mailboxlist file for subscriptions).

I understand what you are afraid of, but that isn't what I'm talking about
so none of that should apply.

> If imapd can do that all by itself, that would work,
> but I think most would agree that it isn't imapd's job to create users'
> home directories or to automatically set up their shell environment.

In what I am talking about, there's no need for a shell environment on the
IMAP servers, at least not for ordinary users. Nobody is going to run
Pine on the IMAP server. The whole point of a dedicated IMAP server is
for it to be IMAP-only. Dedicated servers are more reliable (less likely
to crash) than machines that have to run an unpredictable mix of tasks.

-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
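
The two points made in the reply above (no login shell for ordinary users on a dedicated IMAP host, and access control left to the kernel's file permissions) can be checked mechanically. The following is an added example, not part of the original message or of UW imapd: a Python audit of passwd(5)-format text. The function name `audit_passwd`, the list of no-login shells, the `min_uid` cutoff and the "closed to group and other" home directory policy are assumptions of this example.

```python
import os
import stat

# Assumption: shells this example treats as "no interactive login".
NOLOGIN_SHELLS = {"/dev/null", "/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def audit_passwd(passwd_text, admins, min_uid=1000):
    """Return (account, problem) findings for passwd(5)-format text.
    admins may keep a login shell; uids below min_uid are skipped."""
    findings = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line, "malformed passwd entry"))
            continue
        name, _pw, uid, _gid, _gecos, home, shell = fields
        if not uid.isdigit() or int(uid) < min_uid:
            continue
        # Only sysadmins should be able to log in to the IMAP server.
        if name not in admins and shell not in NOLOGIN_SHELLS:
            findings.append((name, "login shell " + (shell or "(default)")))
        # Access control is left to the kernel, so the home directory must
        # exist, belong to the user, and (assumed policy) be closed to others.
        try:
            st = os.lstat(home)
        except OSError:
            findings.append((name, "home directory missing"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((name, "home is not a directory"))
        elif st.st_uid != int(uid):
            findings.append((name, "home not owned by user"))
        elif st.st_mode & 0o077:
            findings.append((name, "home open to group/other"))
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample: homes in a temp dir, owned by the current uid.
    uid, root = os.getuid(), tempfile.mkdtemp()
    for user, mode in (("alice", 0o700), ("bob", 0o755)):
        os.mkdir(os.path.join(root, user))
        os.chmod(os.path.join(root, user), mode)
    rows = (("alice", "/dev/null"), ("bob", "/bin/csh"))
    sample = "".join(f"{u}:x:{uid}:100::{root}/{u}:{sh}\n" for u, sh in rows)
    for finding in audit_passwd(sample, admins=set(), min_uid=0):
        print(finding)
```

On a real host the input would be the contents of the passwd file and `admins` the set of sysadmin account names.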