[vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
Hello All,

I've been trying to find a method to run qmail + smtpd-auth + vpopmail with support for system
accounts without running any of it as root. Can anyone tell me if this is possible?

I believe it is impossible to have system account support without some part of the system running
as root. Is this correct?

Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently switched over to:

qmail-pop3d runs as vpopmail - everything works except system account password checking

qmail-smtpd runs as qmaild user, vchkpw (for smtp-auth) is set as setuid vpopmail.vchkpw

Can anyone point me to a better method? A URL is fine. I've been unable to find anything.

I've considered going back to running qmail-pop3d as root, any suggestions?

Thanks!


Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Jeremy Kitchen [EMAIL PROTECTED] wrote:

> On Friday 06 August 2004 02:18 am, Hugh Beaumont wrote:
> > qmail-pop3d runs as vpopmail - everything works except system account
> > password checking
>
> ls -l /etc/shadow
>
> nuff said.
>
> -Jeremy

Hi Jeremy,

Thanks for the, um, help :)

Obviously /etc/shadow is owned by root.root - this is why I assume there is no way to do this
without running some part of the system as root or doing some funky group manipulations (all of
which I would view as being a very bad idea).

However I thought that there may have been a preferred way among the group members of handling this
problem. I assume that most people just run vpopmail using only vpopmail owned accounts. However I
also assume that if anyone is using system accounts that they aren't too thrilled with the idea of
running it as root. I was hoping to hear of any other possible ways to get around this.

Sincerely,

H.
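
What the `ls -l /etc/shadow` reply above comes down to, as an added example that is not part of the original thread: the owner/group/other read check applied to the accounts the thread mentions. The function names, the `600` mode and the group memberships (`vchkpw`, `nofiles`) are assumptions made for the illustration; the thread only states that the file is owned by root.root.

```shell
#!/bin/sh
# Added example (not from the thread). The /etc/shadow mode and the group
# memberships used below are constructed; the thread only says root.root.

# can_read MODE OWNER GROUP USER "USER_GROUPS"
#   MODE is octal, e.g. as printed by GNU `stat -c %a` (600, 640, 4755, ...).
#   Returns 0 when the owner/group/other read bit that applies to USER is set.
can_read() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    [ "$user" = root ] && return 0      # root bypasses the permission bits
    perms=000$mode
    perms=${perms#"${perms%???}"}       # keep the last three octal digits
    o=${perms%??}                       # owner digit
    g=${perms#?}; g=${g%?}              # group digit
    w=${perms#??}                       # other ("world") digit
    if [ "$user" = "$owner" ]; then     # owner class wins, even if group is wider
        [ $((o & 4)) -ne 0 ]; return
    fi
    for grp in $user_groups; do
        if [ "$grp" = "$group" ]; then
            [ $((g & 4)) -ne 0 ]; return
        fi
    done
    [ $((w & 4)) -ne 0 ]
}

# report MODE OWNER GROUP: print the verdict for the accounts named in the thread.
report() {
    for entry in "root:root" "vpopmail:vchkpw" "qmaild:nofiles"; do
        acct=${entry%%:*}; grps=${entry#*:}
        if can_read "$1" "$2" "$3" "$acct" "$grps"; then verdict=readable
        else verdict=denied; fi
        printf '%-9s mode %s %s.%s -> %s\n' "$acct" "$1" "$2" "$3" "$verdict"
    done
}

# Constructed case: shadow file owned root.root with mode 600.
report 600 root root
```

A setuid vpopmail.vchkpw binary runs with the vpopmail identity, so it gets the same verdict as the `vpopmail` row.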


Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Rick Widmer [EMAIL PROTECTED] wrote:

> > I believe it is impossible to have system account support without some part of the system running
> > as root. Is this correct?
>
> Yes.
>
> > Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently switched over to:
>
> I would avoid it.
>
> > I've considered going back to running qmail-pop3d as root, any suggestions?
>
> Don't use system accounts, and run 100% virtual.  The only people with
> logins on my mail server are the mail administrators.  I feel safer that
> way.

Hi Rick,

Thanks for your help. Just what I was looking for. I assumed there was no way to do this but was
just looking for some confirmation.

Sincerely,

H.


Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Jeremy Kitchen [EMAIL PROTECTED] wrote:

> I don't understand why you're so concerned with having the pop3 server run as
> root.  qmail-popup has no remote root holes (at least stock, which is what
> most people use, as I don't think there are any patches out there that
> directly affect qmail-popup other than maybe the errno patch) and unless your
> checkpassword replacement (in this case, vchkpw) has any (which, I've never
> heard of :), I don't see the need for concern.

That's very good advice. I think I may eventually switch back. It always just bugged me a bit that
it was running as root when I was able to run qmail-smtp as non-root. But you are right, any
attempt to allow non-root system accounts would just cause even more security issues due to all the
non-standard changes I'd have to make. I guess I'm just paranoid :)

Thanks!

H.