Re: [vchkpw] vauth_getpw() with Apache/CGI
On 2005-10-19, at 2029, Charles Collicutt wrote: On Wed, Oct 19, 2005 at 02:32:34PM -0700, Tom Collins wrote: IIRC, it may need to read the files in /var/qmail/control and/or /var/qmail/users as well. Thank you - it makes sense now. It looks like it will be easiest to just leave the setuid bit on my program so it runs as root, which is slightly annoying but not the end of the world. rather than making it setuid root, i think i would have it setuid to the vpopmail user- just as qmailadmin does. that will give it the permissions it needs to do its job, without the potential dangers of giving it full root access. -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ <[EMAIL PROTECTED]> | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] vauth_getpw() with Apache/CGI
On Wed, Oct 19, 2005 at 02:32:34PM -0700, Tom Collins wrote: > IIRC, it may need to read the files in /var/qmail/control and/or > /var/qmail/users as well. Thank you - it makes sense now. It looks like it will be easiest to just leave the setuid bit on my program so it runs as root, which is slightly annoying but not the end of the world. Thank you very much to everyone who helped me. -- Charles Collicutt pgplbM9Y55jMs.pgp Description: PGP signature
Re: [vchkpw] vauth_getpw() with Apache/CGI
On Oct 19, 2005, at 12:41 PM, Charles Collicutt wrote: As a temporary solution my program is owned by root:www-data with the permissions set to 04750 but I'd like to work out what is going on if possible. MySQL access works fine, is there anything else that vauth_getpw() needs access to that might be causing the problem? IIRC, it may need to read the files in /var/qmail/control and/or /var/qmail/users as well. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] vauth_getpw() with Apache/CGI
On Wed, Oct 19, 2005 at 10:39:03AM -0700, Jeremy Kitchen wrote: > when you're running it on the command line you're probably running it > as root, and when apache is running it, it's probably running it as > the 'apache' or 'nobody' user (or whatever apache runs as on your > system) and therefore doesn't have permission to read the vpopmail > data. On Wed, Oct 19, 2005 at 08:26:48PM +0200, Jan Lange wrote: > you must your script run as user root or vpopmail. On Wed, Oct 19, 2005 at 08:43:58PM +0200, Tijs Zwinkels wrote: > Probably your /var/vpopmail/etc/vpopmail.mysql isn't readable by the > user the apache-server runs under. Thank you all very much for your help! It certainly does seem to be something to do with permissions but I'm not sure what. If I run the program from the command line as the www-data user (which is the user Apache runs as) then it fails in the same way. However, the www-data user can read ~vpopmail/etc/vpopmail.mysql (www-data is a member of the vchkpw group and the file permissions are set to 640) and valias_insert() and valias_remove() work fine (both of which access and modify the database as my aliases are stored in the MySQL database.) I thought maybe it was something to do with the permissions in the ~vpopmail/domains directory but they are all set to be group readable and writable so www-data should be able to change them as necessary. As a temporary solution my program is owned by root:www-data with the permissions set to 04750 but I'd like to work out what is going on if possible. MySQL access works fine, is there anything else that vauth_getpw() needs access to that might be causing the problem? (Incidentally, this is not a public server - I am the only person who can run CGI programs on it.) Thank you all for your help, it's greatly appreciated. -- Charles Collicutt pgpnq5xXSxgNp.pgp Description: PGP signature
Re: [vchkpw] vauth_getpw() with Apache/CGI
Hi Charles, Probably your /var/vpopmail/etc/vpopmail.mysql isn't readable by the user the apache-server runs under. As a matter of fact, you might not want it to be readable by the apache user. If it's a public server, this would allow everyone who can write cgi scripts or the like to read the login information to your vpopmail database. I've worked around this by hacking the password in the vpopmail source code (can post a patch if people are interested, but it's really very simple), but it should be clear that this is really a *very* *dirty* solution. Greetings, On Wednesday 19 October 2005 19:25, Charles Collicutt wrote: > Hi, > > I have written a CGI program in C for web-based administration of a > vpopmail setup. It duplicates some of the functionality of Qmailadmin > but I have written it in order to test some ideas and learn more about > Vpopmail before I write a more complicated program. > > When I run it from the command line it works perfectly - no problems at > all. However, when it is called as a CGI program by Apache it seems to > have a problem with vauth_getpw() - it returns NULL even for valid > users. I am using the MySQL backend. > > I have no problems with vpopmail normally, and even this program works > fine when called from the command line (with the appropriate input and > environment variables as if it were a CGI program), but vauth_getpw() > just doesn't seem to work when the program is invoked by Apache. There > isn't anything in Apache's error.log either. > > Does anyone have any idea what's going wrong? > > Thanks for your help. -- grtz Tijs Zwinkels ... A bus station is where the bus stops. A train station is where the train stops. On my desk I have a workstation.
Re: [vchkpw] vauth_getpw() with Apache/CGI
Hi, do you use suexec in apache? you must your script run as user root or vpopmail. greetings jan Charles Collicutt schrieb: Hi, I have written a CGI program in C for web-based administration of a vpopmail setup. It duplicates some of the functionality of Qmailadmin but I have written it in order to test some ideas and learn more about Vpopmail before I write a more complicated program. When I run it from the command line it works perfectly - no problems at all. However, when it is called as a CGI program by Apache it seems to have a problem with vauth_getpw() - it returns NULL even for valid users. I am using the MySQL backend. I have no problems with vpopmail normally, and even this program works fine when called from the command line (with the appropriate input and environment variables as if it were a CGI program), but vauth_getpw() just doesn't seem to work when the program is invoked by Apache. There isn't anything in Apache's error.log either. Does anyone have any idea what's going wrong? Thanks for your help.
Re: [vchkpw] vauth_getpw() with Apache/CGI
On Wednesday 19 October 2005 10:25 am, Charles Collicutt wrote: > Hi, > > I have written a CGI program in C for web-based administration of a > vpopmail setup. It duplicates some of the functionality of Qmailadmin > but I have written it in order to test some ideas and learn more about > Vpopmail before I write a more complicated program. > > When I run it from the command line it works perfectly - no problems at > all. However, when it is called as a CGI program by Apache it seems to > have a problem with vauth_getpw() - it returns NULL even for valid > users. I am using the MySQL backend. > > I have no problems with vpopmail normally, and even this program works > fine when called from the command line (with the appropriate input and > environment variables as if it were a CGI program), but vauth_getpw() > just doesn't seem to work when the program is invoked by Apache. There > isn't anything in Apache's error.log either. > > Does anyone have any idea what's going wrong? when you're running it on the command line you're probably running it as root, and when apache is running it, it's probably running it as the 'apache' or 'nobody' user (or whatever apache runs as on your system) and therefore doesn't have permission to read the vpopmail data. -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgp0neDZbikey.pgp Description: PGP signature