> Laurence Brockman writes:
>
> Is there any reason why I couldn't run qmail-pop3d as a non-root user?
> Using tcpserver to start the process I could easily set it to run as a
> qmail user (Or yet another user, with almost no permissions). Is this
> possible? And if so, is there anything that I should be looking out for?
If you use checkpassword, there are two reasons why tcpserver
must be started as root:
1) checkpassword needs root priveliges to call setgroups() to
set supplementary groups.
2) If you use shadow password files, checkpassword needs root
proveliges to read them.
(And of course, if your mail users have different UID's, checkpassword
needs root priveliges to switch its UID to the user logging in before
it starts qmail-pop3d.)
If you use a replacement checkpassword, tcpserver may or may not
be started as an unpriveliged user depending on what the checkpassword
replacement needs to do.
--
Gjermund Sorseth
