Hello Milica, On Wednesday, January 29, 2003, Milica Jankovic erc wrote... > I have already written to ask you about a matter that perplexes me. > We administrators have been told by the people who have set up our > email server that it would be unsafe to allow users to have a home > directory, as it would present a great security liability. However, > I have seen for myself that many of the ISPs allow all their > subscribers to have home directory. So I would like an advice on how > great a risk it really is and what would your advice be?
I think you need to look into IMAP servers. Giving somebody a home directory doesn't mean too much in terms of security. Especially when you can create the user with an invalid shell, and force them not to be able to login. How does that make it insecure? Also most ISPs use virtual users, not proper user accounts. They still need a 'home' as such for their mail to be delivered to. Take a look at Courier-IMAP or Cyrus. They both support the use of virtual users via a number of mechanisms (mysql, ldap, etc), and the users stored in there, don't have a login to the server, but still have a login to mail... and still have a 'virtual home' for their mail. -- Jonathan Angliss ([EMAIL PROTECTED]) ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
