Gee - thanks for the prompt reply!

> Your life will be simpler if you just run two sets of authdaemonds, one for
> courier-imap and one for sqwebmail. It works fine, and there is no
> efficiency issue (6 extra slots in the process table don't cost anything). I
> suppose you'll have 5 extra connections to your back-end database, but that
> is unlikely to cost much either.

I would like to prune my authenticating daemons. I have different incarnations for sqwebmail, courier-imap, postfix and SASL basically doing the same thing! I prefer systems that are so simple that even I can understand them :oP


> Can you describe what happened if you just made sqwebmail setuid to your
> particular user? Also, what platform are you running on?

I am not good at debugging C CGI scripts. I have done my CGIs in Perl. All that I know is:


[Tue Oct 07 09:30:30 2003] [error] [client a.b.c.d] Premature end of script headers: sqwebmail, referer: http://mail.example.com/cgi-bin/sqwebmail?noframes=1
[Tue Oct 07 09:30:30 2003] [error] [client a.b.c.d] setgid: Operation not permitted, referer: http://mail.example.com/cgi-bin/sqwebmail?noframes=1


That happened when I changed the owner:group of sqwebmail to vmail:vmail. Courier-IMAP is running as vmail just fine. Then I changed the owner:group back to root:wheel and everything went back to normal. That's when I started investigating this.

uname -a:
FreeBSD mail.example.com 5.1-RELEASE-p8 FreeBSD 5.1-RELEASE-p8 #1: Tue Sep 30 13:12:10 EEST 2003 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/MINE i386


> There was a change to this a little while ago: in sqwebmail/sqwebmail.c the
> following two lines were added

Yeah - I noticed that the SECURITY notice was a bit outdated. There was no authlib/changeuidgid.c. There is one in numlib, but that doesn't seem to be the one SECURITY is referring to.


Nice if the check has been added to the main code. It just isn't working in my case. I wonder why? I am using 3.6.0 and the lines you refer to are in my source.
--
t. Petri


http://www.metis.fi/hlo/petri.html
GSM: (+358400 | 0400) 505 939


