list at joreybump.com
Thu Dec 15 21:55:44 EST 2005
Roberto Sanchez wrote: > Jorey Bump wrote: > >> It's a double-edged sword, much like running CGI with suexec. >> >> Be sure to limit the user so there are no important assets in the home >> directory (like personal mail or private keys). > > So, what would be the best course of action in that case? Put Maildirs > in a common directory under /var? Even then, that directory would still > be writable by the user, just not under /home. So, what's an admin to do? Well, in my case, I split mail and web onto different machines. On the web machine(s), each virtual host gets a dedicated user with home directory in /var/www/hosts. On the mail machine(s), accounts are assigned to people as needed. By default, nobody gets a shell (but I'll make a rare exception for some web users). This separation is more secure and much easier to manage. Users are free to hire developers or transfer domains without putting email accounts at risk. The servers are more specialized, so the number of exposed services is reduced. If you're limited to one machine, it's still a good idea to separate your mail users from your web users.