[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: very long passwd

On Fri, Aug 04, 2000 at 11:39:51AM +0200, Joaquin Ferrero wrote:
> I have 200.000 users. The most part only have email service.  The file
> /etc/passwd es very, very long... but es necessary for IMAP server to
> check the home directory for every user.

i'm surprised you get that many users in a passwd file. the passwd uid
field is a 16 bit integer, which only allows for 65536 users total. i
guess you must be sharing uids....probably a bad idea.

debian, btw, allows you to convert your passwd and group files into a
hashed db files (stored in /var/lib/misc).  to enable it, edit
/etc/nsswitch.conf and change the lines:

    passwd:    compat
    group:     compat
    shadow:    compat


    passwd:    db files
    group:     db files
    shadow:    db files

then remember to run the Makefile in /var/lib/misc every time you
add/change/delete a user. or set up a cron job to do it every 5 or 10

	*/10  * * * *	cd /var/lib/misc ; make >/dev/null 2>&1

i'd say that this would scale up to 2^16 users. any more than that and
you want to look for a better tool.

this will probably work for you - looking up an entry in a db file is a
LOT faster than sequentially searching a flat text file - but you have
more users than can really be supported by 16bit uids so you should look
into something designed to do the job like cyrus (see below).

> nss_mysql is the only solution?
> Now, I have mysql to auth users for proftpd & apache via PAM
> (pam_mysql)
> Sendmail can't delivery emails to not existents users (it check
> /etc/passwd).  IMAP server need /etc/passwd for check user & home
> dir. With pam_mysql check the user but not the home dir.
> Any solution for only-email users without /etc/passwd file???
> How can to have many users easy?

you probably want to look at the cyrus mail system (which is packaged
for debian). don't be put off by the "non-free" status, the license is
free enough for most practical purposes, but doesn't quite meet the
debian free software guidelines.

you will need at least the cyrus-common, cyrus-admin, and cyrus-imapd

Package: cyrus-admin
Priority: extra
Section: non-free/mail
Installed-Size: 76
Maintainer: Michael-John Turner <mj@debian.org>
Architecture: i386
Source: cyrus-imapd
Version: 1.5.19-3
Depends: libc6 (>= 2.1.2), libdb2 (>= 1:2.4.14-7), tcl8.0 (>= 8.0.4)
Filename: dists/unstable/non-free/binary-i386/mail/cyrus-admin_1.5.19-3.deb
Size: 38252
MD5sum: b5fa894cf5b47389abb873d1c4d10bc2
Description: CMU Cyrus mail system (administration tool)
 Cyrus is a fully-featured IMAP daemon, with a number of features not
 found in other IMAP implementations, including:
  o Designed to handle massive quantities of mail
  o No need for users to have login accounts
  o Support for POP3 in addition to IMAP
  o Servers don't run as root
  o Easy support for mail quotas
 Note: Cyrus doesn't support reading from and storing mail in your
 standard mail spool - it stores mail in a separate directory in its
 own MH-like format.
 This package contains the cyradm tool which can be used to administer
 both local and remote Cyrus mail systems.

cyrus' mailbox format is similar to the Maildir format so should be NFS
safe (or at least as safe as anything is likely to be under NFS).

i haven't used cyrus myself yet in any serious way, just played with it
a bit. it looks good, i'm impressed.

cyrus will work with sendmail or exim or most other mailers (dunno if it
works with qmail). i'd recommend using it with postfix, because postfix
is about the best mailer available - it's fast, secure, and backwards
compatible with sendmail. from what i've read on the postfix-users list,
cyrus + postfix makes an excellent combination.

postfix scales extremely well. i would guess that your mail server is
straining under an extremely high load average with 200,000 users on
sendmail. under postfix it would just chug along barely breaking a


craig sanders

Reply to: