My scripts are not even near any document root.  There's a whole
separate directory tree (for *all* CGI directories on the server)
that is ScriptAlias'd.  I don't allow CGI for any user within
their doc root otherwise unsuspecting users would enable someone
to break into the server.  The system default CGI directory is
secured that no local user can get there and even look, let alone
make changes.  Others can't even find out if there's a SUID
script in there or not.


  > Hello Brian,
  > On Friday, December 13, 2002 at 2:46:28 PM you wrote:
  > >>>>> I know about the per user quota settings. Is there anywhere to do a
  > >>>>> per domain quota capping? Eg. Cap the quota for the directory of the
  > >>>>> domain.
  > >>>> Make use of system quota.
  > >>>> Create a dedicated user for each domain you want to have an overall
  > >>>> quota and make use of '-u' option in 'vadddomain'.
  > >>> When I had tried a similar thing earlier, qmailadmin refused to work
  > >>> probably due to change of user/group which expects vchkpw:vpopmail
  > >>> Is there any workaround for this problem, other than using a separate
  > >>> qmailadmin binary having identical permissions for every such domain
  > >>> group?
  > >> A theoretically, absolutely untested possibility could be putting all
  > >> domains in different system groups, but with user vpopmail and using
  > >> system-group-quotas, instead of system-user-quotas.
  > > If you use system quotas (as I do), then install qmailadmin setuid
  > > root and it all works fine. It will switch to the userid of the
  > > system account that is specified in the users/assign file.
  > Make sure the access to /cgi-bin/qmailadmin (or whatever your location
  > is) is additionally secured by webserver HTACCESS.
  > Running a cgi suid() to root is a dangerous thing, you _NEVER_ know
  > what exploits are possible.
  > The attacker might not be able to log in into qmailadmin, but he
  > might, for whatever reasons, be able to exploit the CGI and gain
  > root-access this way, BEFORE qmailadmin switches the identity.
  > Me personal would install separate qmailadmin-cgis or give the 'same
  > user, different groups and system group quotas' a try before setting
  > qmailadmin-cgi to SUID() root.
  > -- 
  > Best regards
  > Peter Palmreuther

Reply via email to