Sagara Wijetunga writes:
[templates]
> This used to work earlier when the SqWebMail run under
> setuid-root.
>
> The template directory pointed by
> SQWEBMAIL_TEMPLATEDIR owns by the mailuser and group
> mailgroup with drwxr-xr-x permission. Html files are
> also same user/group with -rw-r--r--.
Check that directory permissions higher up aren't causing problems.
> Does following statement in sqwebmail.c work when it
> run under mailuser?
> char *templatedir=getenv("SQWEBMAIL_TEMPLATEDIR");
Suexec cleans out environment variables, leaving only those which
were defined as being 'safe' when it was compiled. Without
adding SQWEBMAIL_TEMPLATEDIR to the list and recompiling suexec,
it won't work. That may be an acceptable solution to you if you
need this and need it now, but it's going to be a pain for anyone
who uses the pre-built Apache that comes with most distributions
and wants to rely upon automatic updating mechanisms to get the
latest release with security patches.
The only relatively easy way I can think of having multiple templates
available that would work under suexec is to extend the logindomainlist
format to include a template directory as a fourth field. Somebody who
is intimately familiar with the code may be able to think of a cleaner
or easier way.
Something else just came to mind. I don't know about fastCGI, but mod_perl
doesn't run under suexec, and you have to specifically enable it on any
virtual domain where it is required. We have some internal stuff on our
own domain running under mod_perl which is safe enough because we don't
allow anybody else to use it. If fastCGI is the same, and you don't need
to make it available to websites other than your own, you could use that
and go back to setuid on sqwebmail. Probably.
--
Paul Allen
Softflare Support
