However for apache (running non-privileged) to be able to run the cgi requires a searchable path to the binary. By default the libexec/ courier/webmail dir is read/exec for root only, so I end up having to do chmod a+x on the directory after install.
Correct. This is not Microsoft Windows. Stuff like a webmail server is installed in a manner that ensures that there's no possible way to have it enabled by default. Manual action is required to enable it.
I suppose the response will be that I should be copying those binaries to somewhere else rather than just pointing apache to them in place, but why? It makes maintenance easier if they are auto-updated to the latest versions by virtue of simply being installed.
And it makes maintenance even easier if you were to use a packaging system which rolled up the webmail server in a separate subpackage that needs to be explicitly installed; and the separate subpackage installed everything with the right permissions.
So now, you don't get a surprise in terms of a webmail server, unless you explicitly choose to install it, and all upgrade issues are no longer applicable.
pgp00000.pgp
Description: PGP signature
