Hi, Anders, On Sun, 4 Jan 2004, Anders la Cour Bentzon wrote: >So I found the error myself. I was running bincimapd as vpopmail.vchkpw, >but apparently only root has permissions to issue a chroot command. >Editing my run script to run bincimapd as root makes the log warning go >away.
Right, other users have also encountered this problem. >This presents an interesting question, though; from a security point of >view, is it better to run bincimapd as superuser so that it can issue the >chroot command, or to run it as a less privileged account but then not >being able to enter the chroot jail? If the latter, I'll comment the >relevant lines of code in authenticate.cc out to get rid of the >repetitive log message. Go ahead, it's better not to run bincimap-up as superuser and rather have checkpassword be root.root with 6755 permissions. This is assuming you trust checkpassword over Binc (reasonable) and /bin/checkpassword isn't a shell script. Andy :-) -- Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg Author of Binc IMAP | "It is better not to do something http://www.bincimap.org/ | than to do it poorly."
