Brian Candler <[EMAIL PROTECTED]> wrote:
> On Wed, Jan 01, 2003 at 06:40:11PM -0800, Three Letter Acronym wrote:
> > So, the question is twofold: First, does anyone actually run
> > courier-imap as a non-root user in production?
>
> Yep, do here.
>
> > Second, and
> > more important, is it possible to do this using userdb
> > authentication?
>
> I don't use that, I use LDAP. I run with
>
> TCPDOPTS="-nodnslookup -noidentlookup -user=exim"
>
> In authldaprc I have
>
> LDAP_GLOB_UID exim
> LDAP_GLOB_GID exim
>
> and LDAP_HOMEDIR and LDAP_MAILDIR both point to the same attribute.

Ah -- I don't have enough users to warrant running ldap... hence
the attempt to get userdb to work... Do I interpret the above to
mean that you have one user (exim) that owns all mail, and that users
are restricted to their respective namespaces by the imap server?

I looked at trying to do that with Postfix, I couldn't figure out
how to trick postfix into delivering mail as anything other than
mode 0600, owned by the recipient.

I manually altered the permissions on mail such that it was gid
imap and mode 0660 (the idea was to find some other program to
deliver it with these permissions) but the imap server still wouldn't
serve up the messages.

>
> > I expect that if the entire mail hierarchy
> > were owned by the imap daemon, things would be fine. However,
> > userdb authentication will not allow everyone to have the
> > same uid
>
> I don't see any fundamental reason why that should be. All the auth modules
> call the same function - authsuccess() in authlib/success.c. Look at the top
> of that function to see its logic. Try adding some fprintf(stderr...)'s to
> work out what is going on. The functions it calls to change uid/gid are in
> numlib/changeuidgid.c

Looked around both those files a bit -- it was pretty late at that point,
and I didn't get far... might take another crack at it.

>
> You don't state exactly what you have in your userdb and your system. Do you
> have an 'imap' user and an 'imap' group, and the 'imap' entry in /etc/passwd
> has the 'imap' group as its group? Then

Postfix MTA, Courier-IMAP for serving up maildirs.
There is an imap uid/gid in /etc/passwd.

>
> uid=<imap-uid>,gid=<imap-gid>
>
> in your userdb?

I've tried that -- it can be done for one user, and only one (the userdb database
uses the uid as the key).

It could well be that the bulk of people who use Courier-IMAP do so in
a campus or isp environment, and therefore already have (or see the benefit
in building) an imap (or similar) infrastructure. If this is the case, I
could see userdb just not working unless the imap server runs as root.

--tla

>
> Regards,
>
> Brian.
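
An added example, not part of this thread and not Courier or Postfix code: a check of whether one unprivileged service account (such as the exim or imap account discussed above) can use every directory and message under a Maildir, judged by classic mode bits only. The function names, the required-permission constants and the command-line usage are assumptions made for illustration; ACLs, supplementary groups and root's bypass are not modelled.

```python
import os
import stat
import sys

# Assumption: the server only reads message files (flag changes and
# new -> cur moves are renames), so files need r and directories need rwx.
NEED_FILE, NEED_DIR = 4, 7

def class_bits(st, uid, gid):
    """rwx bits (0-7) that apply to uid/gid under classic mode-bit rules."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid == gid:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_maildir(root, uid, gid):
    """Return [(path, problem)] for entries the service account cannot use."""
    problems = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                need = NEED_DIR
            elif stat.S_ISREG(st.st_mode):
                need = NEED_FILE
            else:
                problems.append((path, "not a regular file or directory"))
                continue
            have = class_bits(st, uid, gid)
            if have & need != need:
                problems.append((path, "mode %04o grants %d, needs %d"
                                 % (stat.S_IMODE(st.st_mode), have, need)))
    return problems

if __name__ == "__main__":
    # usage: audit.py /path/to/Maildir <service-uid> <service-gid>
    found = audit_maildir(sys.argv[1], int(sys.argv[2]), int(sys.argv[3]))
    for path, problem in found:
        print("%s: %s" % (path, problem))
    sys.exit(1 if found else 0)
```

Run it with the numeric uid and gid the IMAP daemon drops to; a non-zero exit status means at least one path would be unusable for that account.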