[vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
Hello All,

I've been trying to find a method to run qmail + smtpd-auth + vpopmail with support 
for system
accounts without running any of it as root. Can anyone tell me if this is possible?

I believe it is impossible to have system account support without some part of the 
system running
as root. Is this correct?

Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently 
switched over to
:

qmail-pop3d runs as vpopmail - everything works except system account password checking

qmail-smtpd runs as qmaild user, vchkpw (for smtp-auth) is set as setuid 
vpopmail.vchkpw

Can anyone point me to a better method? A URL is fine. I've been unable to find 
anything.

I've considered going back to running qmail-pop3d as root, any suggestions?

Thanks!






__
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 


Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Rick Widmer

Hugh Beaumont wrote:
Hello All,
I've been trying to find a method to run qmail + smtpd-auth + vpopmail with support 
for system
accounts without running any of it as root. Can anyone tell me if this is possible?
No.  If any accounts are not owned by vpopmail:vchkpw it must be root so
it can change to the user receiving mail.
I believe it is impossible to have system account support without some part of the 
system running
as root. Is this correct?
Yes.

Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently 
switched over to
:
I would avoid it.

I've considered going back to running qmail-pop3d as root, any suggestions?
Don't use system accounts, and run 100% virtual.  The only people with
logins on my mail server are the mail administrators.  I feel safer that
way.
Rick



Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Jeremy Kitchen
On Friday 06 August 2004 02:18 am, Hugh Beaumont wrote:
 qmail-pop3d runs as vpopmail - everything works except system account
 password checking

ls -l /etc/shadow

nuff said.

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail



Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Jeremy Kitchen [EMAIL PROTECTED] wrote:

 On Friday 06 August 2004 02:18 am, Hugh Beaumont wrote:
  qmail-pop3d runs as vpopmail - everything works except system account
  password checking
 
 ls -l /etc/shadow
 
 nuff said.
 
 -Jeremy
 

Hi Jeremy,

Thanks for the, um, help :)

Obviously /etc/shadow is owned by root.root - this is why I assume there is know way 
to do this
without running some part of the system as root or doing some funky group 
manipulations (all of
which I would view as being a very bad idea).

However I thought that there may have been a prefered way among the group members of 
handling this
problem. I assume that most people just run vpopmail using only vpopmail owned 
accounts. However I
also assume that if anyone is using system accounts that they aren't too thrilled with 
the idea of
running it as root. I was hoping to hear of of any other possible ways to get around 
this.

Sincerely,

H.




__
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo 


Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Rick Widmer [EMAIL PROTECTED] wrote:

  I believe it is impossible to have system account support without some part of the 
  system
 running
  as root. Is this correct?
 
 Yes.
 
  Do most people run qmail-pop3d + vpopmail as root? I used to do this but recently 
  switched
 over to
  :
 
 I would avoid it.
 
  I've considered going back to running qmail-pop3d as root, any suggestions?
 
 Don't use system accounts, and run 100% virtual.  The only people with
 logins on my mail server are the mail administrators.  I feel safer that
 way.
 

Hi Rick,

Thanks for your help. Just what I was looking for. I assumed there was no way to do 
this but was
just looking for some confirmation.

Sincerely,

H.




__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail


Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Jeremy Kitchen
On Friday 06 August 2004 11:26 am, Hugh Beaumont wrote:
   qmail-pop3d runs as vpopmail - everything works except system account
   password checking

  ls -l /etc/shadow
  nuff said.

 Thanks for the, um, help :)

more like a hint :)

 Obviously /etc/shadow is owned by root.root - this is why I assume there is
 know way to do this without running some part of the system as root or
 doing some funky group manipulations (all of which I would view as being a
 very bad idea).

and if you did any group permissions on the /etc/shadow file, it would 
probably go away the second you added another user, unless you hacked your 
user modification programs, wrote your own, or did it manually, all of which 
are possible, but a complete waste of time in my opinion.

 However I thought that there may have been a prefered way among the group
 members of handling this problem. I assume that most people just run
 vpopmail using only vpopmail owned accounts. However I also assume that if
 anyone is using system accounts that they aren't too thrilled with the idea
 of running it as root. I was hoping to hear of of any other possible ways
 to get around this.

well, even if /etc/shadow was readable by the vpopmail user, each individual 
user's mail store probably isn't (for the system users), so that creates a 
problem.

It would take a whole lot of hacking, and it might work, but I doubt it's 
worth the time, and it may actually open up more security problems than it 
supposedly 'solves'.

I don't understand why you're so concerned with having the pop3 server run as 
root.  qmail-popup has no remote root holes (at least stock, which is what 
most people use, as I don't think there are any patches out there that 
directly affect qmail-popup other than maybe the errno patch) and unless your 
checkpassword replacement (in this case, vchkpw) has any (which, I've never 
heard of :), I don't see the need for concern.

On my mail server, I've been using system accounts with vmailmgr for several 
years, and I have never been worried about the security of my pop3/imap 
servers.  In fact, the thing I'd be worried the most about is clear text 
passwords, but I have SSL-enabled pop3, imap, and smtp services, so that 
problem is solved.

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail



Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Hugh Beaumont
--- Jeremy Kitchen [EMAIL PROTECTED] wrote:

 I don't understand why you're so concerned with having the pop3 server run as 
 root.  qmail-popup has no remote root holes (at least stock, which is what 
 most people use, as I don't think there are any patches out there that 
 directly affect qmail-popup other than maybe the errno patch) and unless your 
 checkpassword replacement (in this case, vchkpw) has any (which, I've never 
 heard of :), I don't see the need for concern.
 

That's very good advice. I think I may eventually switch back. It always just bugged 
me a bit that
it was running as root when I was able to run qmail-smtp as non-root. But you are 
right, any
attempt to allow non-root system accounts would just cause even more secure issues due 
to all the
non-standard changes I'd have to make. I guess I'm just paranoid :)

Thanks!

H.





__
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 


Re: [vchkpw] setuid root vchkpw

2004-08-06 Thread Jeremy Kitchen
On Friday 06 August 2004 11:53 am, Hugh Beaumont wrote:
 --- Jeremy Kitchen [EMAIL PROTECTED] wrote:
  I don't understand why you're so concerned with having the pop3 server
  run as root.  qmail-popup has no remote root holes (at least stock, which
  is what most people use, as I don't think there are any patches out there
  that directly affect qmail-popup other than maybe the errno patch) and
  unless your checkpassword replacement (in this case, vchkpw) has any
  (which, I've never heard of :), I don't see the need for concern.

 That's very good advice. I think I may eventually switch back. It always
 just bugged me a bit that it was running as root when I was able to run
 qmail-smtp as non-root. But you are right, any attempt to allow non-root
 system accounts would just cause even more secure issues due to all the
 non-standard changes I'd have to make. I guess I'm just paranoid :)

well, unpatched qmail-smtpd really has no reason to run as any specific user.  
qmail uses the qmaild user because the qmaild uid is hardcoded into 
qmail-queue, and if qmail-queue is invoked by that uid, it considers it to be 
coming 'from the network'.  Any and all users should be able to use 
qmail-queue (unless you've modified the permissions on the binary, which, 
while not very common, isn't unreasonable).

On the other hand, qmail-pop3d invokes an authenticator, which may need to 
read files owned by root, and may need to setuid to any arbitrary userid on 
the system.  Therefore it MUST run as root, as non-root users can't setuid.  
This is similar to the reasoning behind qmail-lspawn needing to run as root.

But I agree, I think you're just paranoid. (which is fine, and I'm trying to 
ease your paranoia :)  I'd rather deal with a paranoid admin than one who 
doesn't think before doing things that could potentially be dangerous (like, 
a publicly accessible network service run as root).

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail