[vchkpw] Permissions on vpopmail install suggestion
Many of us use either qmail-scanner-queue or simscan via patched qmail ahead of vpopmail. If, as is good practice, we allow the scanner to run under its own user ID, vchkpw will fail because instead of running as user vchkpw it is running as the scanner user which doesn't have access to the password files.

I would like to suggest that in the make install, the permission for vchkpw be set to 4711 so that it will always execute as the vchkpw user. Doing this will eliminate a bit of extra work when upgrading and will stop the large number of user questions when they do their qmail installs.

Thanks,
Bob

Re: [vchkpw] vpopmail 5.4.20 released
On Wednesday 22 August 2007, Rick Widmer wrote:
> http://vpopmail.sf.net/
> 5.4.20 - released 21-Aug-07

Feels odd to ask this, but in the UPGRADE document, it lists the pw_domain columns as requiring updates, but my databases have just domain in them except for the vpopmail table. I've upgraded them manually, but should I be re-naming the columns manually? I'd prefer not to take the plunge and ask instead. :)

Moving from 5.4.17. Thanks for any help.

--
Cheers,
Steve |President Systems Administrator, Kingston Online Services |URL: http://www.kos.net/ 613-549-8667/613-968-7137

[vchkpw] domains spanning directories
When new users are added to vpopmail and you reach a certain number of them, it creates a new folder and puts users in that folder. Then, when you reach another level of users, it adds a new folder and repeats the cycle.

Presumably, it does the same thing with domains, but we have 25 domains at the top level, then a 0 directory with 190 domains. It seems that it should have spanned to a 1 directory by now. Is this the case? If not, how can I fix it so that it will create a 1 and move on? I don't really see a need to relocate the existing ones...

Trey Nolen

Re: [vchkpw] Permissions on vpopmail install suggestion
On 2007-08-22, at 1534, Bob wrote:
> Many of us use either qmail-scanner-queue or simscan via patched qmail ahead of vpopmail. If, as is good practice, we allow the scanner to run under its own user ID, vchkpw will fail because instead of running as user vchkpw it is running as the scanner user which doesn't have access to the password files.
>
> I would like to suggest that in the make install, the permission for vchkpw be set to 4711 so that it will always execute as the vchkpw user. Doing this will eliminate a bit of extra work when upgrading and will stop the large number of user questions when they do their qmail installs.

i've been doing this for several years. and for those who run into this issue, at least with simscan, i refer you to this page which explains the problem and how to work around it:

http://qmail.jms1.net/simscan/troubleshooting.shtml

i also think the install procedure for simscan needs to be changed a bit, but that probably belongs on the simscan mailing list.

| John M. Simpson--- KG4ZOW ---Programmer At Large |
| http://www.jms1.net/ [EMAIL PROTECTED] |
| http://video.google.com/videoplay?docid=-1656880303867390173 |

Re: [vchkpw] Permissions on vpopmail install suggestion
On 2007-08-22, at 1952, John Simpson wrote:
> On 2007-08-22, at 1534, Bob wrote:
> > Many of us use either qmail-scanner-queue or simscan via patched qmail ahead of vpopmail. If, as is good practice, we allow the scanner to run under its own user ID, vchkpw will fail because instead of running as user vchkpw it is running as the scanner user which doesn't have access to the password files.
> >
> > I would like to suggest that in the make install, the permission for vchkpw be set to 4711 so that it will always execute as the vchkpw user. Doing this will eliminate a bit of extra work when upgrading and will stop the large number of user questions when they do their qmail installs.
>
> i've been doing this for several years.

let me correct this statement... i DID this for years, but i don't do it any longer.

the problem that bob is talking about is this- if somebody is using the normal AUTH patch for qmail, and wants to use vchkpw as a method of allowing qmail-smtpd to validate AUTH commands, the vchkpw command needs to have permission to read the vpasswd.cdb files. and if it runs as the qmaild user, it doesn't have that permission.

one solution, and what i did myself for a few years, is to make vchkpw run setuid root.

however, some people set up vpopmail domains using different system uid's (i.e. vadddomain with the -u option) for different domains, as a way to implement domain quotas by setting a filesystem quota on the uid which controls the domain. in this situation, you do NOT want vchkpw to be setuid to the vpopmail user.

a better solution is to make qmail-smtpd use something other than a checkpassword program (which is what vchkpw actually is) to verify passwords. this was the reason that i wrote an addition to my combined qmail patch, which teaches qmail-smtpd to use an auth.cdb file, with email addresses as keys and encrypted passwords as values, to validate AUTH commands.

since i've started using this, i haven't needed vchkpw to be setuid, and in fact it's not setuid on my server any more.

one of these days i'll get around to writing an AUTH_CDB patch for djb's virgin qmail-1.03 code, and probably for netqmail-1.05 as well, but for now it's available in my combined patch (which has lots of other yummy features as well.)

| John M. Simpson--- KG4ZOW ---Programmer At Large |
| http://www.jms1.net/ [EMAIL PROTECTED] |
| http://video.google.com/videoplay?docid=-1656880303867390173 |
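
Added example, not part of the thread and not vpopmail or qmail code: a POSIX shell audit of how a checkpassword binary such as vchkpw is installed, reporting whether it is setuid (as with the 4711 mode proposed above), who owns it, and whether a non-setuid copy could read the password file as the calling user. The function names and output tokens are made up for this example, and both paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not vpopmail code). Function names and output tokens are
# hypothetical; the binary and password-file paths come from the caller.

# classify_checkpw BIN -> "<setuid|plain>:<owner>[:writable-by-others]"
classify_checkpw() {
    bin=$1
    [ -f "$bin" ] || { echo "missing"; return 2; }
    perms=$(ls -ld "$bin" | cut -c1-10)        # e.g. -rws--x--x for 4711
    owner=$(ls -ld "$bin" | awk '{print $3}')
    if [ -u "$bin" ]; then kind=setuid; else kind=plain; fi
    result="$kind:$owner"
    # A group- or world-writable binary can be replaced by another account,
    # which matters most when it is setuid.
    case $perms in
        ?????w????|????????w?) result="$result:writable-by-others" ;;
    esac
    echo "$result"
}

# auth_outlook BIN PWFILE -> which identity BIN would read PWFILE as when
# started by the current uid (for example the scanner or qmaild account).
auth_outlook() {
    state=$(classify_checkpw "$1") || { echo "no-binary"; return 2; }
    case $state in
        *:writable-by-others) echo "unsafe-binary"; return 1 ;;
        setuid:root) echo "runs-as-root" ;;
        setuid:*)    echo "runs-as-owner" ;;
        *)  # not setuid: the binary keeps the caller's uid
            if [ -r "$2" ]; then echo "caller-can-read"
            else echo "caller-cannot-read"; fi ;;
    esac
}

# Usage: sh audit.sh /path/to/vchkpw /path/to/vpasswd.cdb
if [ "$#" -eq 2 ]; then auth_outlook "$1" "$2"; fi
```

Run it as the account that actually starts the checkpassword program; "caller-cannot-read" is the failure described at the top of the thread, and "runs-as-root" is the configuration the last message moved away from.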