Is user lock-out required for backend xfers?

Andrew Morgan morgan at
Thu Mar 12 12:29:56 EDT 2009

On Wed, 11 Mar 2009, Wil Cooley wrote:

> Somewhere I read (or thought I read) that it was important to ensure
> that a user was not logged in when his mailbox was transferred between
> backends in a Murder setup, otherwise there was a risk of mailbox
> corruption. Is this true or have I been reading the tabloids again?
> Context: I have several shiny new backends with 2.3 that I have ready to
> replace our old 2.2 backends. We have something like 70,000 mailboxes to
> move, which will obviously be something done in nightly batches over a
> period of weeks.
> Our current obstacle is having to ensure that the mailbox is not open,
> because that requires: notifying the user that his e-mail will be
> unavailable for a period of time, locking the user's account (which
> locks him out of everything else unless we work up some Cyrus-specific
> solution, like some PAM magic), checking all the front-ends to verify
> that he's not logged in (this is iffy, because the proc/<username> files
> are all we've got and some of those are left-overs from crashes and lack
> of housekeeping), doing the transfer, and then undoing all of this.
> Alternately, if there is only a small risk of mailbox corruption, it may
> be better to just do the transfers late at night and accept having to do
> a handful of mailbox reconstructs.
> Is this what other people have done?

When we went from a standalone server to a Murder setup, we moved half of 
our mailboxes from cyrus-be1 to cyrus-be2.  We did them in batches 
overnight, without any special care taken to prevent users from accessing 
them.  I'm not aware of any problems caused by this.  This was back in 
Cyrus 2.1 or 2.2.

So no promises, but it worked fine for us.


More information about the Info-cyrus mailing list