Re: Directory that is a mailbox
Mark Crispin wrote:

> Please send a copy of the patch to me and I will look at it. If nothing else, I can offer suggestions for your patch so that it is likely to remain usable in future releases.

On the off chance that my patch may be useful to others, I have polished it up a bit. And I would indeed appreciate your comments, Mark.

A tar ball is available at: http://gnudip2.sourceforge.net/imap/

The README file is available at: http://gnudip2.sourceforge.net/imap/patch/README

===

It should be much easier to use now. It is free of my configuration details. It does not change the existing UNIX driver. It adds a new "UNIXSUB" driver - as the default driver. So existing folders will still be accessible (unless there is another folder in the same directory named ".mail"!). Only new ones have the new structure. It is no longer necessary to hide "dot files", and folder names beginning with a dot are allowed.

It is actually two patches. The first patch is a minimal change to the IMAP base code. It is in "imap.diff", and these are its contents:

--- src/osdep/unix/dummy.c~ 2003-03-05 17:37:40.0 -0700 +++ src/osdep/unix/dummy.c 2003-08-23 19:42:27.0 -0600 @@ -233,8 +233,11 @@ struct stat sbuf; int ismx; char tmp[MAILTMPLEN]; + char is_mailbox = 0; /* punt if bogus name */ if (!mailboxdir (tmp,dir,NIL)) return; + /* is this a mail box? */ + is_mailbox = (mail_valid(NIL, tmp, NIL) != NIL); if (dp = opendir (tmp)) {/* do nothing if can't open directory */ /* list it if not at top-level */ if (!level && dir && pmatch_full (dir,pat,'/')) 
@@ -274,6 +277,7 @@ dummy_list_work (stream,tmp,pat,contents,level+1); break; case S_IFREG: /* ordinary name */ + if (!is_mailbox)/* ignore regular file within mailbox */ /* ignore all-digit names from mx */ /* Must use ctime for systems that don't update mtime properly */ if (!(ismx && mx_select (d)) && pmatch_full (tmp,pat,'/') &&

The "imap.diff" patch introduces into UW-IMAP the notion that a directory can be a mail box. And for a directory that is a mail box, it will ignore any regular files (i.e. not subdirectories) within that directory when scanning the file system. The result is that these will not be visible to an IMAP client. It is up to the mailbox driver for the directory to use these files.

It is my hope that "imap.diff", or some equivalent change, will be accepted into UW-IMAP, whether or not the driver itself is.

The rest of the package is the actual driver, which is still really just a hack of the UNIX driver. I would never expect this to get into the UW-IMAP code. But I think it makes a case for the technique used to allow folders within folders.

One shortcoming I can think of is that there should be something in the ".mail" files that is unique to this driver, which would then be used within the "VALID" macro to ensure that a ".mail" file for this driver is never mistaken for a UNIX driver folder.

Thanks.
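Review bot: in the hunk at @@ -233,8 +233,11 @@, the call "is_mailbox = (mail_valid(NIL, tmp, NIL) != NIL);" runs before "if (dp = opendir (tmp))" is known to succeed, so the validity probe is paid for directories that are never listed. Consider moving the assignment inside the opendir block, where is_mailbox is actually used. The value passed is tmp, the path that "mailboxdir (tmp,dir,NIL)" has just built, not dir; a comment saying that this is intentional would help, since the second hunk relies on a driver recognising that form. The call spacing "mail_valid(" also differs from the surrounding "mailboxdir (" style.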
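Review bot: in the hunk at @@ -274,6 +277,7 @@, the new "if (!is_mailbox)" has no braces and takes the existing "if (!(ismx && mx_select (d)) && pmatch_full (tmp,pat,'/') &&" statement as its body, with two comment lines in between, so the guard is easy to miss and silently stops applying if a statement is ever inserted between them. Folding the test into the existing condition, as "if (!is_mailbox && !(ismx && mx_select (d)) && ...", keeps it a single statement. The comment "/* ignore regular file within mailbox */" could also note that only the S_IFREG case is affected, so subdirectories of a mailbox directory are still walked by the dummy_list_work call above.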
Re: How to run IMAP as non-root, port >1024
For someone who is contemplating customization code to suit themselves, I would suggest that they are better off looking at the UW-IMAP code than at the Cyrus code. I speak from experience.

Rich Graves wrote:

> but if what you want is *NOT* normal unix users on a normal unix box running a default installation of sendmail or something similar, then you should probably be looking at the Cyrus imapd, which was designed from the start to run on sealed servers, not normal UNIX boxes running a more or less normal mail installation.
Re: How to run IMAP as non-root, port >1024
On Sun, 24 Aug 2003, Mark Crispin wrote:

> If you run the IMAP server logged in as a non-root user, it will be
> preauthenticated as that user. This has two consequences:
> 1) it can not log in as any other user
> 2) there is no login or other security step; the client can immediately
> do arbitrary access to the user's mail.

Actually, it looks like a relatively simple hack to change the if (uid ==0) to a different uid and skip the setuid bits, but that would be very silly.

Bottom line is that UW imapd is 1) the reference implementation by the dudes who invented IMAP, so you can be pretty sure it's correct, and 2) designed to work pretty much as you'd expect with normal unix users following the normal unix security model with normal mail delivery with a default installation of sendmail, or something that acts like it, on a normal unix box.

There's a bit more to it -- there's mbx format, which is very nice for speed and multiple access -- but if what you want is *NOT* normal unix users on a normal unix box running a default installation of sendmail or something similar, then you should probably be looking at the Cyrus imapd, which was designed from the start to run on sealed servers, not normal UNIX boxes running a more or less normal mail installation.

--
Rich Graves <[EMAIL PROTECTED]>
UNet Systems Administrator
Re: How to run IMAP as non-root, port >1024
If you run the IMAP server logged in as a non-root user, it will be preauthenticated as that user. This has two consequences:

1) it can not log in as any other user
2) there is no login or other security step; the client can immediately do arbitrary access to the user's mail.

Consequently, you only want to run the IMAP server as a non-root user if you have some other authentication/authorization means in place external to IMAP. For example, one such means is

    ssh imapserver exec /usr/sbin/imapd

since ssh implements authentication and authorization itself.

I do not know how SquirrelMail works; you should probably check with its author to find out if it even supports access to a preauthenticated IMAP server (and if so how to set up the ssh or whatever link to do it). Most IMAP clients do not.

You are on the wrong track about "write temp files to dirs owned by root"; although the /tmp directory is owned by root any user can write to it.

-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
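The second consequence in the message above is visible from the outside: a server in this mode opens with a "* PREAUTH" greeting (RFC 3501) instead of "* OK". The following Python check is an added example, not part of the original thread or of UW-IMAP; the transport labels, function names and sample greetings are assumptions made for illustration.

```python
import re
import socket

# RFC 3501 greeting: "* OK ...", "* PREAUTH ..." or "* BYE ..."
_GREETING = re.compile(rb"^\* (OK|PREAUTH|BYE)(?: |$)", re.IGNORECASE)

# Assumed labels for transports that authenticate the peer before IMAP starts,
# such as the "ssh imapserver exec /usr/sbin/imapd" link from the message.
AUTHENTICATED_TRANSPORTS = {"ssh-exec"}


def greeting_state(line: bytes) -> str:
    """Return 'OK', 'PREAUTH' or 'BYE' for a server greeting line."""
    m = _GREETING.match(line.rstrip(b"\r\n"))
    if not m:
        raise ValueError("not an IMAP greeting: %r" % line[:40])
    return m.group(1).decode("ascii").upper()


def audit_greeting(line: bytes, transport: str) -> str:
    """Classify an endpoint from its greeting and how it was reached."""
    state = greeting_state(line)
    if state == "BYE":
        return "refused"
    if state == "OK":
        return "login-required"
    # PREAUTH: the session already runs as some user, with no LOGIN step.
    if transport in AUTHENTICATED_TRANSPORTS:
        return "preauth-behind-external-auth"
    return "EXPOSED: preauthenticated mailbox reachable without login"


def read_greeting(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Fetch the first line a TCP IMAP endpoint sends."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.makefile("rb").readline()


# Constructed sample greetings (not captured from a real server).
SAMPLES = [
    (b"* OK [CAPABILITY IMAP4REV1] example.org IMAP ready\r\n", "tcp"),
    (b"* PREAUTH example.org IMAP ready logged in as matt\r\n", "ssh-exec"),
    (b"* PREAUTH example.org IMAP ready logged in as matt\r\n", "tcp"),
]

if __name__ == "__main__":
    for line, transport in SAMPLES:
        print(transport, "->", audit_greeting(line, transport))
```

A PREAUTH greeting on a plain TCP listener, such as a high port bound by an unprivileged imapd, is the case the message says to avoid.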
How to run IMAP as non-root, port >1024
I would like to build UW-IMAP to run as myself on a high port. The reasoning being that I have a regular user account on a remote box that doesn't run POP or IMAP. All mail access is by SSHing in and running the mail client locally. Sometimes I'm on a box that doesn't run an SSH client so I'd like to set up IMAP and then use SquirrelMail to access the IMAP server locally and then I can check my mail with a web browser from anywhere.

I tried changing the listening port from 143 to 1143 and then compiling, but it appears more complicated than that as it wants to run under inetd and to write temp files to dirs owned by root, etc.

Any suggestions on how I would accomplish this?

Thank you,
~Matt

--
For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html