On Fri, 2003-09-12 at 01:17, Paul L. Allen wrote:
> > This is an interesting point and I'd love to find a clean solution to
> > this issue.
> I don't think you'll find a clean solution which doesn't involve set-id.
> All the others are messy to administer, like a MySQL username per system
> user or adding a special group to every user (do all *nixes handle that
> well these days?)
If you add a special group to every user you are back where you started.
I can't see what's wrong with a mysql user per system user. That would
be really clean and effective. If the admistrative tools is integrated
into vpopmail, i fail to see any troble ahead (user/admin-vice).
It would completely remove any use for any setuid/setgid-hacks. It will
also remove the possibility of users injecting sql into any data not
belonging to them.
One problem would be the table-layout, the vpopmail-table would be
useless for example.
> How about this:
> 1) An additional user and group, vpsql, used for absolutely no other
> purpose (except perhaps as owner of vpopmail database).
> 2) MySQL username and password in a file readable only by vpsql user
> and group, and writeable only by vpsql user (if that - most people
> will probably edit it as root).
> 3) A very small utility that is setgid vpsql. It does the following
> when passed a username and password to verify.
You will also need small tools to do all other sorts of operations,
quota, valias and so on.
> a) Reads the information in the password file.
> b) Drops setgid so it can do nothing further with the password file.
> c) Connects to MySQL.
- and forgets username and password.
> e) Verifies mail username and password against database.
> f) Returns go or no-go.
It's not as simple as that, think about APOP authentication...