Thank you, Eric. That made zero difference. I am not certain, but
believe the issue I am seeing is because of the suexec setup on CentOS8.
Suexec will no longer su to a user who's UID or GID is less than 1000 -
[root@hostname new]# suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=1000
-D AP_HTTPD_USER="apache"
-D AP_LOG_SYSLOG
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=1000
-D AP_USERDIR_SUFFIX="public_html"
With vpopmail as UID 89 and vchkpw as GID 89, I think suexec simply
won't work.
[root@hostname new]# ls -al /usr/share/qmailadmin/
total 212
drwxr-xr-x 5 root root 79 Nov 13 17:03 .
drwxr-xr-x. 152 root root 4096 Nov 13 17:03 ..
drwxr-xr-x 2 root root 4096 Nov 13 17:03 html
drwxr-xr-x 3 apache apache 4096 Nov 13 17:03 images
lrwxrwxrwx 1 vpopmail vchkpw 10 Oct 17 01:17 index.cgi -> qmailadmin
drwxr-xr-x 2 root root 222 Nov 13 17:03 lang
-rwsr-sr-x 1 vpopmail vchkpw 197144 Oct 17 01:17 qmailadmin
Unfortunately there is no configuration file for suexec that would allow
me to change it to allow 89:89 to be allowed. Compiling suexec from
source probably could do it, but I'm hopeful there is another way around it?
To get dspam web working I had to usermod dspam to UID & GID above 1000.
It is possible I broke something in suexec when I did that, but I only
mention it for complete transparency, I don't think that is likely.
On 11/15/20 3:00 PM, Eric Broch wrote:
Hi Jim,
1st)
In order to do this you must change the url in the file
/usr/share/squirrelmail/plugins/qmailadmin_login/config_default.php
like so:
#$qmlogin_cgi_url='/cgi-bin/qmailadmin';
$qmlogin_cgi_url='https://fqdn/qmailadmin/';
2nd)
I believe calling /usr/share/qmailadmin/qmailadmin
from the cli is erroneous because options aren't being sent in as
would happen with a _POST or something.
Eric
On 11/13/2020 4:37 PM, Eric Broch wrote:
Thanks, Jim, I'll have a look.
Eric
On 11/13/2020 3:19 PM, Jim McNamara wrote:
Hello, all.
I noticed a problem with the qmailadmin website and wanted to check
if others saw it as well. When I tried to change a user's password
through the /webmail interface, I get an error which reads:
Not Found
The requested URL /cgi-bin/qmailadmin was not found on this server.
Thinking that was odd, I tried going directly to /qmailadmin from a
machine on the ACL, and received this arrow in the browser:
Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
When I check the apache logs, I see this message:
[Fri Nov 13 17:11:24.885140 2020] [cgid:error] [pid 829305:tid
139962968168192] [client 192.168.X.Y:49419] End of script output
before headers: index.cgi, referer: https://obscured.tld/admin-toaster/
When I simply call the cgi script directly, I believe I have found
the problem -
[user@server ~]$ /usr/share/qmailadmin/index.cgi
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<title>QMT Mail Admin - </title>
">eta http-equiv="content-type" content="text/html; charset=iso-8859-1
<meta name="robots" content="noindex,follow"><link rel="stylesheet"
type="text/css" href="/qmailadmin/images/admin.login.css"
media="screen" />
</head>
Notice the line under <title> and above <meta> begins with a double
quote? I believe that is the issue with the "end of script before
headers? I used yum to remove and reinstall just qmailadmin, but the
problem remained. Since the file is binary I don't believe I can
simply edit it. My qmailadmin package is 1.2.16-5.1.qt.el8 from
qmt-testing.
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
