On Fri, 2003-09-12 at 01:17, Paul L. Allen wrote:
> > This is an interesting point and I'd love to find a clean solution to 
> > this issue.
> I don't think you'll find a clean solution which doesn't involve set-id.
> All the others are messy to administer, like a MySQL username per system
> user or adding a special group to every user (do all *nixes handle that
> well these days?)

If you add a special group to every user you are back where you started.
I can't see what's wrong with a mysql user per system user. That would
be really clean and effective. If the admistrative tools is integrated
into vpopmail, i fail to see any troble ahead (user/admin-vice).
It would completely remove any use for any setuid/setgid-hacks. It will
also remove the possibility of users injecting sql into any data not
belonging to them.
One problem would be the table-layout, the vpopmail-table would be
useless for example.

> How about this:
>   1) An additional user and group, vpsql, used for absolutely no other 
>   purpose (except perhaps as owner of vpopmail database).
>   2) MySQL username and password in a file readable only by vpsql user
>   and group, and writeable only by vpsql user (if that - most people
>   will probably edit it as root).
>   3) A very small utility that is setgid vpsql.  It does the following
>   when passed a username and password to verify.

You will also need small tools to do all other sorts of operations,
quota, valias and so on.

>     a) Reads the information in the password file.
>     b) Drops setgid so it can do nothing further with the password file.
>     c) Connects to MySQL.

- and forgets username and password.

>     e) Verifies mail username and password against database.
>     f) Returns go or no-go.

It's not as simple as that, think about APOP authentication...


Reply via email to