Re: [vchkpw] Further Information for Building RPM for vpopmail

2009-04-03 Thread John Simpson

On 2009-04-02, at 1036, Manvendra Bhangui wrote:

> 2009/4/2 John Simpson
>
> > you DO NOT want these to be setuid root. in fact, you don't want ANY of the
> > binaries to be setuid root, except possibly for vpopmaild, and that only if
> > you want to allow it to create and remove domains- otherwise it can run as
> > the vpopmail user with no ill effects.
>
> I have not explored that. Example could be making qmail-newu to be setuid
> root and making the assign file writeable by vpopmail.


it's not just those files... vpopmail also modifies the rcpthosts,  
morercpthosts, virtualdomains, and users/assign files whenever it adds  
or deletes domains, and it also needs to be able to run qmail-newmrh  
if the morercpthosts file was changed.


and if users have the ability to create their own custom .qmail files,  
or to specify lines which end up in those files, you DO NOT want the  
vpopmail user to have write access to any of qmail's control files.


a better idea would be to run vpopmaild as root (if you want to allow  
it to create or delete domains at all) and use it to process any such  
requests. i know a few people on this list have mentioned web front-ends
which duplicate most or all of qmailadmin's functionality, but do  
all of their work by sending commands to vpopmaild.



> But getting the root password or doing ssh root is out of question in my
> production environment.


good idea... i take it one step further: the list of people who have  
root access (i.e. "myself only") is exactly the same as the list of  
people who are allowed to add or delete domains (also "myself only".)  
which means even vpopmaild doesn't NEED root access, since everything  
else it does can be done by the vpopmail user.


as for compiling in extra password checks and so forth... have you  
read the documentation for "sudo"? you can allow certain users to  
execute certain commands with root permissions, but not give them  
unfettered root access. the syntax is a bit non-intuitive, but once  
you understand it, it can be quite powerful. it seems to me this would  
be a better solution than having to manually add in your own custom  
patches every time a new version of vpopmail is released.




| John M. Simpson---   KG4ZOW   ---Programmer At Large |
| http://www.jms1.net/  |

| http://video.google.com/videoplay?docid=-1656880303867390173 |

Re: [vchkpw] Further Information for Building RPM for vpopmail

2009-04-02 Thread Manvendra Bhangui
2009/4/2 John Simpson 

> i hope these aren't the settings you're actually using on a real server
> anywhere.

Yes they are on a live server serving > 3 million users. But these programs
have extra authentication/checks before they actually do the setuid(). In
fact that is the first thing done after main(). These programs exit if they
are not running under the appropriate environment, and they are not the original
vpopmail programs.
Some of these (vadddomain, vdeldomain) require root to update the
qmail assign file. The root password for the servers running these programs
is not with the administrators.
I have given a wrong example. The 4555 should be read as 555 instead.


>
> if so, ANY user on the system, including the apache anonymous user, can
> wipe out every mailbox on the system, with one command.


Agree and hence the first thing after main(), these programs ask for extra
userid/password (which is given to the mail administrators who do not have
the root passwords of the host).


>
> you DO NOT want these to be setuid root. in fact, you don't want ANY of the
> binaries to be setuid root, except possibly for vpopmaild, and that only if
> you want to allow it to create and remove domains- otherwise it can run as
> the vpopmail user with no ill effects.
>
I have not explored that. Example could be making qmail-newu to be setuid
root and making the assign file writeable by vpopmail. But getting the root
password or doing ssh root is out of question in my production environment.




Re: [vchkpw] Further Information for Building RPM for vpopmail

2009-04-02 Thread John Simpson

On 2009-04-01, at 1001, Manvendra Bhangui wrote:


> For the RPM installation, it is a good practice to set the permission for
> every file/directory under the %files section.


agreed.


> It shouldn't be done under
> %pre or %post section because then the RPM cannot figure out the permissions
> till it runs the script under %pre or %post section.
> Example of how the entries should be
>
> %dir %attr(555,vpopmail,vchkpw)  %{_prefix}
> %attr(4555,root,root) %{_prefix}/bin/vadduser
> %attr(4555,root,root) %{_prefix}/bin/printdir
> %attr(4555,root,root) %{_prefix}/bin/vdeluser
> %attr(4555,root,root) %{_prefix}/bin/vbulletin
> %attr(4555,root,root) %{_prefix}/bin/vdominfo
> %attr(4555,root,root) %{_prefix}/bin/vadddomain
> %attr(4555,root,root) %{_prefix}/bin/vdeldomain


i hope these aren't the settings you're actually using on a real  
server anywhere.


if so, ANY user on the system, including the apache anonymous user,  
can wipe out every mailbox on the system, with one command.


you DO NOT want these to be setuid root. in fact, you don't want ANY  
of the binaries to be setuid root, except possibly for vpopmaild, and  
that only if you want to allow it to create and remove domains-  
otherwise it can run as the vpopmail user with no ill effects.


personally i think that's a better idea anyway. i don't WANT to be  
able to do something as drastic as adding or removing domains through  
a web interface. i would rather be required to SSH in and become root  
in order to do this.



| John M. Simpson---   KG4ZOW   ---Programmer At Large |
| http://www.jms1.net/  |

| http://video.google.com/videoplay?docid=-1656880303867390173 |
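
A check for the kind of %files entry discussed in the message above, as an added example that is not part of the thread or of vpopmail: it reads an RPM spec on stdin and reports every %attr entry whose mode carries the setuid or setgid bit. The function names, the severity labels, and the sample spec (including the setgid entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report setuid/setgid %attr entries
# found in the %files section of an RPM spec read from stdin.
# Output: "<severity> <kind> <mode> <user>:<group> <path>", one per line.

audit_spec_files() {
    # Keep only %attr lines that sit inside a %files section.
    awk '
        /^%files/ { in_files = 1; next }
        /^%(build|install|check|clean|pre|post|trigger|changelog|description|package)/ { in_files = 0 }
        in_files && /%attr\(/
    ' |
    # Reduce each entry to "mode,user,group,path" (path = last token on the line).
    sed -n 's/.*%attr(\([^)]*\)).*[[:space:]]\([^[:space:]]\{1,\}\)[[:space:]]*$/\1,\2/p' |
    while IFS=', ' read -r mode user group path; do
        # "-" (keep the build-time mode) and anything non-octal is skipped.
        case $mode in ''|*[!0-7]*) continue ;; esac
        bits=$((0$mode))
        kind=
        [ $((bits & 04000)) -ne 0 ] && kind=setuid
        [ $((bits & 02000)) -ne 0 ] && kind=${kind:+$kind+}setgid
        [ -n "$kind" ] || continue
        # setuid with owner root: any local user who can execute it runs it as root.
        sev=WARN
        [ "$kind" != setgid ] && [ "$user" = root ] && sev=CRIT
        printf '%s %s %s %s:%s %s\n' "$sev" "$kind" "$mode" "$user" "$group" "$path"
    done
}

# Constructed sample spec: two entries as posted in the thread, one with the
# mode corrected to 555, and one hypothetical setgid entry.
sample_spec() {
    cat <<'EOF'
Name: vpopmail
%description
constructed sample, not a real spec
%files
%dir %attr(555,vpopmail,vchkpw)  %{_prefix}
%attr(4555,root,root) %{_prefix}/bin/vadduser
%attr(4555,root,root) %{_prefix}/bin/vdeldomain
%attr(555,vpopmail,vchkpw) %{_prefix}/bin/vdominfo
%attr(2555,vpopmail,vchkpw) %{_prefix}/bin/example-setgid-tool
%changelog
EOF
}

sample_spec | audit_spec_files
```

Run against a real spec with `audit_spec_files < package.spec`; a CRIT line is a binary that every local account able to execute it will run as root.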




[vchkpw] Further Information for Building RPM for vpopmail

2009-04-01 Thread Manvendra Bhangui
I have worked extensively over the last few months on building an RPM for my
project. So I can work with anyone who is doing this for vpopmail.
For the RPM installation, it is a good practice to set the permission for
every file/directory under the %files section. It shouldn't be done under
%pre or %post section because then the RPM cannot figure out the permissions
till it runs the script under %pre or %post section.
Example of how the entries should be

%dir %attr(555,vpopmail,vchkpw)  %{_prefix}
%attr(4555,root,root) %{_prefix}/bin/vadduser
%attr(4555,root,root) %{_prefix}/bin/printdir
%attr(4555,root,root) %{_prefix}/bin/vdeluser
%attr(4555,root,root) %{_prefix}/bin/vbulletin
%attr(4555,root,root) %{_prefix}/bin/vdominfo
%attr(4555,root,root) %{_prefix}/bin/vadddomain
%attr(4555,root,root) %{_prefix}/bin/vdeldomain


-- 
Regards Manvendra - http://www.indimail.org
Sent from Tamil Nadu, India

