[vchkpw] setuid root vchkpw
Hello All,

I've been trying to find a method to run qmail + smtpd-auth + vpopmail with support for system accounts without running any of it as root. Can anyone tell me if this is possible?

I believe it is impossible to have system account support without some part of the system running as root. Is this correct?

Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently switched over to :

qmail-pop3d runs as vpopmail - everything works except system account password checking

qmail-smtpd runs as qmaild user, vchkpw (for smtp-auth) is set as setuid vpopmail.vchkpw

Can anyone point me to a better method? A URL is fine. I've been unable to find anything.

I've considered going back to running qmail-pop3d as root, any suggestions?

Thanks!
Re: [vchkpw] setuid root vchkpw
Hugh Beaumont wrote:

> Hello All, I've been trying to find a method to run qmail + smtpd-auth + vpopmail with support for system accounts without running any of it as root. Can anyone tell me if this is possible?

No. If any accounts are not owned by vpopmail:vchkpw it must be root so it can change to the user receiving mail.

> I believe it is impossible to have system account support without some part of the system running as root. Is this correct?

Yes.

> Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently switched over to :

I would avoid it.

> I've considered going back to running qmail-pop3d as root, any suggestions?

Don't use system accounts, and run 100% virtual. The only people with logins on my mail server are the mail administrators. I feel safer that way.

Rick
Re: [vchkpw] setuid root vchkpw
On Friday 06 August 2004 02:18 am, Hugh Beaumont wrote:

> qmail-pop3d runs as vpopmail - everything works except system account password checking

ls -l /etc/shadow

nuff said.

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] setuid root vchkpw
--- Jeremy Kitchen [EMAIL PROTECTED] wrote:

> On Friday 06 August 2004 02:18 am, Hugh Beaumont wrote:
> > qmail-pop3d runs as vpopmail - everything works except system account password checking
>
> ls -l /etc/shadow
>
> nuff said.
>
> -Jeremy

Hi Jeremy,

Thanks for the, um, help :)

Obviously /etc/shadow is owned by root.root - this is why I assume there is no way to do this without running some part of the system as root or doing some funky group manipulations (all of which I would view as being a very bad idea).

However I thought that there may have been a preferred way among the group members of handling this problem. I assume that most people just run vpopmail using only vpopmail owned accounts. However I also assume that if anyone is using system accounts that they aren't too thrilled with the idea of running it as root. I was hoping to hear of any other possible ways to get around this.

Sincerely,
H.
Re: [vchkpw] setuid root vchkpw
--- Rick Widmer [EMAIL PROTECTED] wrote:

> > I believe it is impossible to have system account support without some part of the system running as root. Is this correct?
>
> Yes.
>
> > Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently switched over to :
>
> I would avoid it.
>
> > I've considered going back to running qmail-pop3d as root, any suggestions?
>
> Don't use system accounts, and run 100% virtual. The only people with logins on my mail server are the mail administrators. I feel safer that way.

Hi Rick,

Thanks for your help. Just what I was looking for. I assumed there was no way to do this but was just looking for some confirmation.

Sincerely,
H.
Re: [vchkpw] setuid root vchkpw
On Friday 06 August 2004 11:26 am, Hugh Beaumont wrote:

> > > qmail-pop3d runs as vpopmail - everything works except system account password checking
> >
> > ls -l /etc/shadow
> >
> > nuff said.
>
> Thanks for the, um, help :)

more like a hint :)

> Obviously /etc/shadow is owned by root.root - this is why I assume there is no way to do this without running some part of the system as root or doing some funky group manipulations (all of which I would view as being a very bad idea).

and if you did any group permissions on the /etc/shadow file, it would probably go away the second you added another user, unless you hacked your user modification programs, wrote your own, or did it manually, all of which are possible, but a complete waste of time in my opinion.

> However I thought that there may have been a preferred way among the group members of handling this problem. I assume that most people just run vpopmail using only vpopmail owned accounts. However I also assume that if anyone is using system accounts that they aren't too thrilled with the idea of running it as root. I was hoping to hear of any other possible ways to get around this.

well, even if /etc/shadow was readable by the vpopmail user, each individual user's mail store probably isn't (for the system users), so that creates a problem. It would take a whole lot of hacking, and it might work, but I doubt it's worth the time, and it may actually open up more security problems than it supposedly 'solves'.

I don't understand why you're so concerned with having the pop3 server run as root. qmail-popup has no remote root holes (at least stock, which is what most people use, as I don't think there are any patches out there that directly affect qmail-popup other than maybe the errno patch) and unless your checkpassword replacement (in this case, vchkpw) has any (which, I've never heard of :), I don't see the need for concern.

On my mail server, I've been using system accounts with vmailmgr for several years, and I have never been worried about the security of my pop3/imap servers. In fact, the thing I'd be worried the most about is clear text passwords, but I have SSL-enabled pop3, imap, and smtp services, so that problem is solved.

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] setuid root vchkpw
--- Jeremy Kitchen [EMAIL PROTECTED] wrote:

> I don't understand why you're so concerned with having the pop3 server run as root. qmail-popup has no remote root holes (at least stock, which is what most people use, as I don't think there are any patches out there that directly affect qmail-popup other than maybe the errno patch) and unless your checkpassword replacement (in this case, vchkpw) has any (which, I've never heard of :), I don't see the need for concern.

That's very good advice. I think I may eventually switch back. It always just bugged me a bit that it was running as root when I was able to run qmail-smtp as non-root. But you are right, any attempt to allow non-root system accounts would just cause even more security issues due to all the non-standard changes I'd have to make.

I guess I'm just paranoid :)

Thanks!
H.
Re: [vchkpw] setuid root vchkpw
On Friday 06 August 2004 11:53 am, Hugh Beaumont wrote:

> --- Jeremy Kitchen [EMAIL PROTECTED] wrote:
> > I don't understand why you're so concerned with having the pop3 server run as root. qmail-popup has no remote root holes (at least stock, which is what most people use, as I don't think there are any patches out there that directly affect qmail-popup other than maybe the errno patch) and unless your checkpassword replacement (in this case, vchkpw) has any (which, I've never heard of :), I don't see the need for concern.
>
> That's very good advice. I think I may eventually switch back. It always just bugged me a bit that it was running as root when I was able to run qmail-smtp as non-root. But you are right, any attempt to allow non-root system accounts would just cause even more security issues due to all the non-standard changes I'd have to make.
>
> I guess I'm just paranoid :)

well, unpatched qmail-smtpd really has no reason to run as any specific user. qmail uses the qmaild user because the qmaild uid is hardcoded into qmail-queue, and if qmail-queue is invoked by that uid, it considers it to be coming 'from the network'. Any and all users should be able to use qmail-queue (unless you've modified the permissions on the binary, which, while not very common, isn't unreasonable).

On the other hand, qmail-pop3d invokes an authenticator, which may need to read files owned by root, and may need to setuid to any arbitrary userid on the system. Therefore it MUST run as root, as non-root users can't setuid. This is similar to the reasoning behind qmail-lspawn needing to run as root.

But I agree, I think you're just paranoid. (which is fine, and I'm trying to ease your paranoia :) I'd rather deal with a paranoid admin than one who doesn't think before doing things that could potentially be dangerous (like, a publicly accessible network service run as root).

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
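
The root-only step discussed in this thread, as an added example that is not part of any message above and is not vchkpw or qmail code: a checkpassword-style authenticator parses the request it receives on descriptor 3 and, after verifying the password (omitted here), switches to the mailbox owner's ids. The names `cp_request`, `cp_parse` and `cp_drop_to` and the sample values are hypothetical.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* checkpassword request, read from fd 3: "login\0password\0timestamp\0" */
struct cp_request { const char *login, *password, *timestamp; };

/* Locate the three NUL-terminated fields (at most 512 bytes in total).
   Returns 0 on success, -1 on truncated input or an empty login. */
int cp_parse(const char *buf, size_t len, struct cp_request *out)
{
    const char *field[3];
    size_t pos = 0;
    if (len == 0 || len > 512) return -1;
    for (int i = 0; i < 3; i++) {
        const char *end = memchr(buf + pos, '\0', len - pos);
        if (end == NULL) return -1;
        field[i] = buf + pos;
        pos = (size_t)(end - buf) + 1;
    }
    if (field[0][0] == '\0') return -1;
    out->login = field[0]; out->password = field[1]; out->timestamp = field[2];
    return 0;
}

/* Become the authenticated user. Switching to another user's ids fails with
   EPERM unless the process started as root. Groups and gid first, uid last. */
int cp_drop_to(uid_t uid, gid_t gid)
{
    if (uid == 0) return -1;                  /* never give a mail session root */
    if (setgroups(1, &gid) != 0) return -1;   /* discard root's extra groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;            /* root must not be recoverable */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void)
{
    static const char sample[] = "alice\0s3cret\0" "1091787480"; /* constructed */
    struct cp_request r;
    if (cp_parse(sample, sizeof sample, &r) != 0) return 1;
    printf("login=%s drop(1000,1000)=%d\n", r.login, cp_drop_to(1000, 1000));
    return 0;
}
```

Started as a non-root user, `cp_drop_to` returns -1 at the first call that needs privilege, which is the failure the thread describes for an authenticator running as vpopmail.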