--- "Paul L. Allen" <[EMAIL PROTECTED]> wrote:
>
> > 1. chown the authdaemond socket to that user
>
> Brian said it was necessary. I've checked a couple
> of our standard installs (which don't mess with the
> socket) and it's owned by root:root with rwx access
> for ugo.
How I did that is by inserting chown statements after
authdaemond start line in /etc/init.d/sqwebmail:
/usr/local/share/sqwebmail/libexec/authlib/authdaemond
start
chown mailuser:mailgroup
/usr/local/share/sqwebmail/var/authdaemon/pid
chown mailuser:mailgroup
/usr/local/share/sqwebmail/var/authdaemon/socket
>
> > 6. Use the --with-cacheowner configure option to
> > control the ownership of the cache
>
> I thought that was all that was necessary. Mr Sam
> has pointed out that while it seems to work, you'll
> see error messages in your logs.
I used as follows:
--with-cacheowner=mailuser
--with-cachedir=/var/cache/sqwebmail
ls -l /var/cache/
drwxr-xr-x 2 mailuser mailgroup 4096 Oct 23
10:01 sqwebmail
No error message or complain regarding cache ownership
in any log file.
> > 2. Does not read templates from the location
> > SQWEBMAIL_TEMPLATEDIR environment variable points
> > to and instead it reads from its default location
> > /usr/local/share/sqwebmail/html
>
> I don't know about that. I only ever use the
> default location anyway. I don't think that the lack
> of suexec would cause it to fail, not unless where
> you pointed it at isn't readable by the sqwebmail
> user.
This used to work earlier when the SqWebMail run under
setuid-root.
The template directory pointed by
SQWEBMAIL_TEMPLATEDIR owns by the mailuser and group
mailgroup with drwxr-xr-x permission. Html files are
also same user/group with -rw-r--r--.
Does following statement in sqwebmail.c work when it
run under mailuser?
char *templatedir=getenv("SQWEBMAIL_TEMPLATEDIR");
> > 3. I have entered an invalid user id and password,
> > then the SqWebMail crashes with a Server Error
> > 500 (Premature end of script headers) without
> > complaining invalid userid/password.
>
> I get a complaint about invalid password and the
> login page again. The error you're seeing is because
> sqwebmail is emitting an error message without first
> outputting http headers. Sqwebmail usually does that
> when it finds something seriously wrong, like a
> missing file. The fact that you get a login page at
> all means that you have the ownership and
permissions
> of the sqwebmail CGI correct.
>
> You could try renaming sqwebmail and writing a bit
> of perl in its place that outputs a content-type
> header and then runs sqwebmail and passes it
whatever
> data it got.
> My guess is either the socket owner/permissions are
> wrong or it can't find or read the invalid.html
> template.
> What happens if you give a valid username and
> password? If it logs in successfully then the
socket
> must be OK and it's the invalid template that's
> missing. If you get a 500 error then it might be the
> socket or another missing template.
>
Its the same Server error 500 whether its valid or
invalid user/password.
Regards
Sagara
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
