Re: [vchkpw] A new tools for vpopmail

2003-07-23 Thread Eduardo M. Bragatto
I've already made a set of tools for my users, like a script for them to change
their passwords needing only to know the old password of their accounts.

At the time, I had the same problem that you're talking about now. The first
thought that occurs is chmod +s tool_that_i_want_to_use, like you're
saying. I solved the problem using sudo. It allows me to run some
programs as others (like setuid), but I can make only one or some users have
this kind of permission.

It made my solution much more secure than allowing all users to run a
command with vpopmail's user id.

If this kind of tool really becomes part of vpopmail, it will be a big step
for lots of other people (like me) to develop their own specific solutions.

----- Original Message -----
From: Gerald Villemure [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
[EMAIL PROTECTED], [EMAIL PROTECTED]
[EMAIL PROTECTED]
Subject: [vchkpw] A new tools for vpopmail
Date: 23/07/03 05:10

The problem is, how do you get a web server that is running as nobody
to run commands as vpopmail? The answer has been to set qmailadmin
SETUID vpopmail. The problem with that is: what if you want to develop
your own front-end in PHP, for example?

One answer is to introduce a new command in the base distribution of
vpopmail which would run SETUID vpopmail, which could then be called by
whatever front-end you care to design.

COMMAND SUMMARY
You must authenticate with a valid user/pass for any commands to be executed.
Some commands will only execute if the user/pass has admin rights on the domain in question.

[vchkpw] A new tools for vpopmail

2003-07-22 Thread Gerald Villemure
There has been some talk about getting qmailadmin to run with PHP and
other environments.

The problem is, how do you get a web server that is running as nobody
to run commands as vpopmail?  The answer has been to set qmailadmin
SETUID vpopmail.  The problem with that is: what if you want to develop
your own front-end in PHP, for example?

One answer is to introduce a new command in the base distribution of
vpopmail which would run SETUID vpopmail, which could then be called by
whatever front-end you care to design.

This means a tool like qmailadmin, or at least a subset of it, could be
easily created in mod_perl or mod_php or whatever.  Modules for many of
the webmail solutions out there would pop up in no time.

Included is a mock man page for the new command to give you an idea of
what I am talking about.

Let me know what you all think.
Gérald
==
NAME
 vadm - user level vpopmail admin tool

SYNOPSIS
 vadm [options] command [command_args]

DESCRIPTION
 vadm is a tool to provide non-interactive user level commands for vpopmail.
 The binary is SETUID to vpopmail so any user on the system can use it.
 This greatly simplifies the creating of a web front-end, for example.

OPTIONS
 -b, --base64
     The password is BASE64 encoded.  This is especially useful when providing the password at the command line.

 -p PASS, --password=PASS
     Provide the authentication password for the execution of the command.
     It's better to use the VADM_PASS environment variable if possible.

 -u EMAIL_ADDRESS, --user=EMAIL_ADDRESS
     Provide the authentication user name for the execution of the command.
     You can also set this in the VADM_USER environment variable.

COMMAND SUMMARY
 You must authenticate with a valid user/pass for any commands to be executed.
 Some commands will only execute if the user/pass has admin rights on the domain in question.

 info
     This will output a comma-delimited line of info about the user trying to authenticate.
     If the supplied user/pass fails to authenticate then it exits with a 1.

 list_users [DOMAIN] [OFFSET] [MAX]
     If DOMAIN is not supplied then assume the domain of the authenticated user.
     OFFSET and MAX are to handle cases when the list of users is quite large.
     If the authenticated user has admin rights to the domain then this command
     will return a list of all users for that domain.  The list output is one line per
     user with comma-delimited info for every user.

 update USER SETTING
     USER is the email address of the account to be updated.
     SETTING is a comma-delimited list of settings in a format similar to that returned by
     the info command.
     If USER is equal to the authenticated user then the command is accepted,
     otherwise the authenticated user must have admin rights to that domain.

 password USER [-b] [NEW_PASSWORD]
     USER is the email address of the account to be updated.
     -b here indicates that the new pass is BASE64 encoded.
     If [NEW_PASSWORD] is not supplied then read the new password from the
     environment variable VADM_NEWPASS.

 newacct USER [SETTING]
     The authenticated user must have admin rights on the domain to execute
     this command.

 rmacct [-f] USER
     This will remove an account and, if [-f] is supplied, it will also delete all
     the user's email. Some checking is done to make sure no forwards point
     to this account.

 setfallback DOMAIN EMAIL
     This will set the fallback address for the domain.

 list_forwards [DOMAIN] [OFFSET] [MAX]
 newfwd USER EMAIL
 rmfwd USER

 etc.. I am sure there are a few more commands that would be needed.

ENVIRONMENT VARIABLES
 It is recommended that the credentials of the user be set with environment variables
 rather than at the command line for security reasons.

 VADM_USER
     This variable specifies the email address of the user requesting the execution
     of the command.

 VADM_PASS
     This variable specifies the password of the user requesting the execution of the
     command.
     The password can be encoded in BASE64 if the -b is supplied.

 VADM_NEWPASS
     This variable holds the new password when a user requests to change a password.
     The password can be encoded in BASE64 if the -b is supplied.

DIAGNOSTICS
 Normally, exit status is 0 with output on STDOUT and 1 otherwise.

BUGS
 This tool does not exist yet.
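
The access rule in the update entry of the mock man page (a user may change their own account, anyone else needs admin rights on the target's domain) is the check a SETUID helper has to get right, so here it is written out in C as an added example; it is not code from the original post or from vpopmail. The function name vadm_may_modify, the admin_domain parameter, the allowed character set and case-insensitive matching are all assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality (addresses assumed case-insensitive here). */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Domain part of a strictly formed address, or NULL. The allowed
 * character set is a conservative assumption of this example. */
static const char *addr_domain(const char *addr)
{
    const char *at = NULL;
    if (!addr || !*addr || strlen(addr) > 254 || strstr(addr, ".."))
        return NULL;
    for (const char *p = addr; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '@' && !at)
            at = p;                 /* first '@'; a second one fails below */
        else if (!isalnum(c) && c != '.' && c != '-' && c != '_')
            return NULL;            /* rejects '/', ',', spaces, a 2nd '@' */
    }
    return (at && at != addr && at[1]) ? at + 1 : NULL;
}

/* Hypothetical check: 1 if auth_user may change target, else 0.
 * admin_domain: domain auth_user was already verified to administer,
 * or NULL for an ordinary user. */
int vadm_may_modify(const char *auth_user, const char *admin_domain,
                    const char *target)
{
    const char *tdom = addr_domain(target);
    if (!addr_domain(auth_user) || !tdom)
        return 0;                   /* malformed input: deny */
    if (ieq(auth_user, target))
        return 1;                   /* acting on own account */
    return admin_domain != NULL && ieq(admin_domain, tdom);
}

int main(void)
{
    /* Constructed case: ordinary user targeting someone else; prints 0. */
    printf("%d\n", vadm_may_modify("ann@example.com", NULL, "bob@example.com"));
    return 0;
}
```

Rejecting commas matters here because the proposed output format is one comma-delimited line per user, and denying on any malformed address keeps the default outcome exit status 1.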