Petri Riihikallio writes: > >Sqwebmail does not support any mode of operation other than suid CGIs > >with suexec DISabled. > > Good I hadn't read your post before I tried. It took me about an > hour: rebuilding Apache once and sqwebmail twice.
If you had read my post first it might have taken two hours... :) > The gotcha was that the --cacheowner must be the virtual mail user, too. Correct. Oh, and you have to have the ownerships consistent. Because sqwebmail is not suid root (dangerous) or even suid at all, it all needs to match up. But it should be the same as if sqwebmail were running on a non-suexec server with suid vpopmail (which is how it is designed to work) so shouldn't be a big problem to get right. If you know what you're doing, you can even persuade suexec to run suid scripts, but it's a bodge involving a wrapper script. I wouldn't recommend it except in very specific instances. > I couldn't get sqwebmail to work under any other privs than suid > root. It is designed to work (without suexec) with vpopmail by having owner vpopmail and group vchkpw, just like all the other vpopmail stuff. Then with sqwebmail suid all is fine. With suexec you still have to have consistent ownerships but no suid. > sqwebmail running non-root Sqwebmail being suid root is a bad idea, as I'm sure you know. I try to restrict suid root to as little as possible, but sometimes there's no alternative. In this case there is. -- Paul Allen Softflare Support
