On Wed, Feb 03, 1999 at 04:29:57PM +0000, Matt Garrett wrote:
> This is really directed more toward Paul Gregg <[EMAIL PROTECTED]>, but I
> thought the whole list might get some benefit from my mistakes.
>
> I'm using your checkpoppasswd program derived from the checkpasswd of
> Jedi/Sector One. I've modified it by putting more intuitive messages into
> the syslog messages and got it working, authenticating users at one point,
> but now it's failing with the log message "Couldn't setgid (888)." I'm
> running qmail-pop3d.init with the uid and gid of the qmaild user (81 and 80
> respectively). It was originally root, but I thought that might be a security
> hazard and changed it to the same uid/gid of the other qmail servers. Is
> there a valid reason for having qmail-pop3d run as root? Is it because
> qmail-pop3d has to be able to delete files owned by others? I put qmaild into
> the popuser group (888) but it still failed at the same point.

qmail-pop3d doesn't run as root--it runs with the uid/gid of the user who owns
the Maildir. Since that isn't known beforehand, the process that execs it
(checkpoppasswd in your case) has to be running as root; otherwise it couldn't
setuid/setgid to an arbitrary user/group.

If all of your mailboxes are owned by the same uid, you could probably rig
things up so that everything runs with the popuser uid/gid.

Chris
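
The privilege switch discussed in this thread, as an added example that is not part of the original messages and is not checkpoppasswd's own code: a checkpassword-style drop that reports which step failed, so the "Couldn't setgid" case is visible when the caller is not root. The function name `drop_privs`, the result codes and the target uid 888 are assumptions made for illustration; gid 888 is the popuser group mentioned above.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() in <grp.h> on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK = 0, DROP_ERR_SETGROUPS, DROP_ERR_SETGID,
                   DROP_ERR_SETUID, DROP_ERR_STILL_ROOT };

/* Switch the calling process to uid/gid, as a checkpassword-style program
 * must do before exec'ing qmail-pop3d. Order matters: supplementary groups
 * and gid are changed while the privilege to do so still exists, uid last. */
enum drop_result drop_privs(uid_t uid, gid_t gid)
{
    /* Only a privileged caller may replace the supplementary group list;
     * doing so discards any groups inherited from the parent. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return DROP_ERR_SETGROUPS;

    /* An unprivileged caller gets EPERM here unless gid is already its real
     * or saved gid. Being listed as a member of the group does not help. */
    if (setgid(gid) != 0)
        return DROP_ERR_SETGID;

    if (setuid(uid) != 0)
        return DROP_ERR_SETUID;

    /* Confirm the drop is permanent: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_ERR_STILL_ROOT;

    return DROP_OK;
}

int main(void)
{
    static const char *const step[] =
        { "ok", "setgroups", "setgid", "setuid", "still root" };
    /* Hypothetical target: gid 888 is popuser in the thread, uid 888 is assumed. */
    enum drop_result r = drop_privs(888, 888);
    printf("drop to 888:888 -> %s\n", step[r]);
    return r == DROP_OK ? 0 : 1;
}
```

Run as an ordinary user, the program stops at the setgid step; run as root, it completes the switch and can no longer return to uid 0.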