On Sun, 2 Mar 2003, Gregory Hicks wrote:

> Good reason, but not the right one... (*I* think...)

You're right, it isn't.

> qpopper doesn't read ALL the mail files, just one. qpopper needs to be
> able to assume the identity of the user that wants to download the
> mail.

Which is why Qpopper switches to the ID of that user and drops all privileges after authentication. If it didn't, permissions in the mail spool directories wouldn't be as critical as they are - root can do anything.

The REAL reason qpopper has to run as root is that it binds to a port (or ports) under 1024 - which requires root privileges, and must be able to switch to the user ID logging in after authentication. It might be possible to run as root, bind to the port, then drop privileges and then switch to the login UserID later, but some systems will prevent switching userids from low privilege accounts and this would require an authentication interface (which is there in some systems, but not all) instead of direct access to /etc/shadow.

When running out of inetd, Qpopper only runs as root long enough to verify passwords... :-)
