Re: [vchkpw] vadddomain -u issues

2006-04-16 Thread kengheng

Tom Collins wrote:

On Apr 14, 2006, at 9:57 AM, Ken Jones wrote:

kengheng wrote:
When I add a domain using vadddomain -u , I have to change 
the permission of /var/qmail/vpopmail/etc/vpopmail.mysql to o+r  ?

Thanks.


Yes. By default, and for security reasons,
the ~vpopmail/etc/vpopmail.mysql file is only readable
by the vpopmail user.

If you add any domain under a different user, that user
will need access to that file.

You could either grant access to all users, or you could
make sure the vchkpw group has access and include the new
user in the vchkpw group.


Note that making it world-readable opens up a dangerous security 
hole.  If someone can get access to the server, they can learn the 
username and password for the entire vpopmail database.  If that 
server just does email, and only admins have access/accounts, then 
it's less of a risk.  Doing it on a server that does web hosting and 
allows users to upload their own cgi scripts would be very dangerous.


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/


I agree with Tom; it will lead to more threats. I'm using the 
vadddomain -u option for system-based quota control. If -u is not 
suitable in this scenario, what else can be used to control the mail 
quota, since vpopmail is not planning to add the domain quota function?


Thanks.


Re: [vchkpw] vadddomain -u issues

2006-04-14 Thread Tom Collins

On Apr 14, 2006, at 9:57 AM, Ken Jones wrote:

kengheng wrote:
When I add a domain using vadddomain -u , I have to change 
the permission of /var/qmail/vpopmail/etc/vpopmail.mysql to o+r  ?

Thanks.


Yes. By default, and for security reasons,
the ~vpopmail/etc/vpopmail.mysql file is only readable
by the vpopmail user.

If you add any domain under a different user, that user
will need access to that file.

You could either grant access to all users, or you could
make sure the vchkpw group has access and include the new
user in the vchkpw group.


Note that making it world-readable opens up a dangerous security hole.  
If someone can get access to the server, they can learn the username 
and password for the entire vpopmail database.  If that server just 
does email, and only admins have access/accounts, then it's less of a 
risk.  Doing it on a server that does web hosting and allows users to 
upload their own cgi scripts would be very dangerous.


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
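
Added example, not part of the thread: a shell check that tells the two options discussed above apart, flagging a credentials file opened with o+r and accepting one shared only through a group such as vchkpw. The helper name check_cred_file is hypothetical, GNU stat is assumed, and the demo runs on a constructed temp file rather than the real vpopmail.mysql.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat ("stat -c").
# Group-based alternative to o+r (run as root; <domain-user> is a placeholder):
#   chgrp vchkpw /var/qmail/vpopmail/etc/vpopmail.mysql
#   chmod 640    /var/qmail/vpopmail/etc/vpopmail.mysql
#   usermod -a -G vchkpw <domain-user>     # Linux shadow-utils

# check_cred_file FILE GROUP (hypothetical helper)
# Returns 0 if FILE is readable by its owner only, or by owner plus GROUP;
# 1 if it is exposed more widely; 2 if it cannot be inspected.
check_cred_file() {
    file=$1; want_group=$2
    if [ ! -f "$file" ]; then
        echo "ERROR: $file is not a regular file"; return 2
    fi
    mode=$(stat -c '%a' "$file") || return 2     # octal mode, e.g. 640
    group=$(stat -c '%G' "$file") || return 2    # owning group name
    other_bits=$(( 0$mode & 7 ))                 # leading 0 forces octal
    group_bits=$(( (0$mode >> 3) & 7 ))
    status=0
    if [ "$other_bits" -ne 0 ]; then
        echo "EXPOSED: $file mode $mode is open to every local account"
        status=1
    fi
    if [ "$group_bits" -ne 0 ] && [ "$group" != "$want_group" ]; then
        echo "EXPOSED: $file is open to group $group, expected $want_group"
        status=1
    fi
    if [ $(( group_bits & 3 )) -ne 0 ]; then
        echo "EXPOSED: $file group bits allow more than read (mode $mode)"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $file mode $mode group $group"
    return "$status"
}

# Demo on a constructed temp file standing in for vpopmail.mysql.
demo() {
    tmp=$(mktemp) || return 2
    grp=$(stat -c '%G' "$tmp")
    chmod 644 "$tmp"; check_cred_file "$tmp" "$grp" || true   # the o+r case
    chmod 640 "$tmp"; check_cred_file "$tmp" "$grp" || true   # group-only read
    rm -f "$tmp"
}
demo
```

On a real server the call would be `check_cred_file /var/qmail/vpopmail/etc/vpopmail.mysql vchkpw`, run from cron or a configuration-audit job so that a later o+r change is noticed.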



Re: [vchkpw] vadddomain -u issues

2006-04-14 Thread Ken Jones

kengheng wrote:
When I add a domain using vadddomain -u , I have to change the 
permission of /var/qmail/vpopmail/etc/vpopmail.mysql to o+r  ?


Thanks.


Yes. By default, and for security reasons,
the ~vpopmail/etc/vpopmail.mysql file is only readable
by the vpopmail user.

If you add any domain under a different user, that user
will need access to that file.

You could either grant access to all users, or you could
make sure the vchkpw group has access and include the new
user in the vchkpw group.

--
Ken Jones
inter7


[vchkpw] vadddomain -u issues

2006-04-14 Thread kengheng
When I add a domain using vadddomain -u , I have to change the 
permission of /var/qmail/vpopmail/etc/vpopmail.mysql to o+r  ?


Thanks.