Alejandro Aguilar Sierra wrote:

> On Thu, 19 Feb 2004, Rick Widmer wrote:
>
> > There are now 21 functions available to access and update information
> > about email addresses.  To work they must be run as the vpopmail user.
> > I do it by running apache under the mail user.  Hopefully there are
> > other solutions available.
>
> It should be possible to run with the web server user (in Debian www-data)
> and use internally the postmaster's (or user's) password. I'm afraid using
> another user adds a weak security point and causes problems for web
> applications which need to use the regular apache user.

I _wish_ it was possible. PHP running as an Apache module under the web
user will not be able to access anything in vpopmail.  There is no way
to check mail system permissions and allow access.  System permissions
won't allow it, and the www user can't change to the proper user.  (Only
root can do it, and if PHP is running you are a child process running as
www.  The only root owned process in Apache never serves web pages.)

I agree there is no way you should allow this extension on a web server
that hosts general web pages.  The extension grants full access to
accounts on the mail server; you don't want every web developer to have
that power.  So it is a good thing if all the functions in the extension
fail if not run as the mail user.  (I just added it to the TODO.  That
way you only need one Apache executable.)

There are two ways to run the extension that I know of.

o Start a separate instance of Apache on its own port or IP address,
running as the mail user.  This instance should only serve mail related
pages.  This is very easy to do.

o Don't allow any web sites on the mail server.  Only run QmailAdmin and
sqWebmail on the mail server, and don't allow anyone but mail system
administrators to log in on the machine.  (This is the one I use.)

If you can't do one of those, this module isn't for you.  It must run as
the mail server user to do its magic.  I don't think there is any other
way to run as an Apache module and access mail.

There is one other limitation: all the mail accounts must be under the
vpopmail user.  If you place domains under other users, you will not be
able to access them with this extension.

It might be possible to do something with CGI to allow PHP to run only
mail related programs as the mail user, but then there may be a problem
with keeping other web sites on the same machine from having that
ability.  I don't know, and I won't be thinking about it at least until
QmailAdmin 1.3 is out.  That is my real priority.

There are some cool possibilities exec'ing a program, or having a long
running daemon, but these are for someone else to ponder.  One tough
question if you are considering writing one of these: how are you going
to make sure only authorized users have access?  The vpopmail API allows
everything and expects the application program (like QmailAdmin) to
handle authentication issues.  If you can access the library you can do
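
The first option Rick lists above (a separate Apache instance, on its own port, running as the mail user and serving only mail-related pages) can be written down as its own httpd configuration file. The fragment below is an added illustration, not configuration from the thread or from the vpopmail project; the port, the user and group names (vpopmail / vchkpw), the document root under /home/vpopmail, the module path and the Apache 1.3/2.0-era access-control syntax are all assumptions that have to be matched to the local install. The general-purpose web server keeps its own config and its own unprivileged user; only this second instance ever loads PHP with the vpopmail extension.

```apache
# Added example: a dedicated httpd instance for the vpopmail PHP extension.
# Not part of the original thread. User, group, port, paths and module
# names are assumptions for a typical vpopmail install; adjust to taste.
#
# Start it separately from the general-purpose server, for example:
#   httpd -f /etc/apache/httpd-mail.conf

ServerRoot "/usr/local/apache"
PidFile    /var/run/httpd-mail.pid
ErrorLog   /var/log/apache/mail-error.log

# Bind only to the mail port (or a dedicated IP); the general web server
# keeps port 80. Keeping the two instances apart is the whole point.
Listen 8080

# Child processes run as the mail user so the extension can reach the
# vpopmail data. This must never appear in the config of the server that
# hosts general web pages, because it grants full access to every mailbox.
User  vpopmail
Group vchkpw

# PHP (with the vpopmail extension) is loaded in this instance only.
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php

# Serve only the mail-related pages. Everything outside the document
# root is denied, so a stray alias cannot expose other files as vpopmail.
DocumentRoot "/home/vpopmail/www"
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory "/home/vpopmail/www">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# Anything that is not a mail page has no business here.
<IfModule mod_userdir.c>
    UserDir disabled
</IfModule>
```

Because this instance answers only on its own port and its document root contains nothing but the mail pages, the "every web developer gets full mailbox access" problem described above is confined to whoever can write into /home/vpopmail/www, which should be the mail administrators alone. The general site stays on the normal www user and never loads the extension.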

