Ken Jones wrote:

Any votes on which way of specifying directories would be easier
from the client program's point of view?
a) full paths
b) relative based on user or command

As long as you tell me where ~vpopmail is when I login, always using fully qualified paths will be easiest, I think. That way I don't have to change how I build commands depending on the access level of the user.

On login I could send vpopmail_dir /base/path/to/~vpopmail

It looks like you already are. When I logged in as SA, the first response is

vpopmail_dir /mail

which is ~vpopmail/ on my system. I want to make sure this is easy for people so we don't end up with a bunch of /home/vpopmail/'s hard coded in people's programs. Not everyone wants all their email in /home, and it should be easy to adapt.

I think it should be an error if:

SA asks for anything above ~vpopmail/domains

QA asks for anything above ~vpopmail/domains/mydomain

or a regular user above ~vpopmail/domains/mydomain/myhomedir

I think I would prefer if you hid the ~vpopmail/domains part from me entirely, and prepended it to my requested paths. A person coding on the PHP end of the daemon doesn't need to know anything about the actual directory structure in the machine.

Gotcha. There is code for validating directory input to restrict each
level of user to their respective base directories. Also it is checking
for ".." in any part of the directory. In case input tries to walk down
to / and trod on any file in the filesystem. Any other things we should
check for? Perhaps "%" in filenames?

If you wanted to create/update the Vacation file for [EMAIL PROTECTED], you would specify:



write_file /

I think it is best to allow either one...

If first char is '/', remove it.

For all users add ~vpopmail/domains/ before the specified path.

If regular user
   verify specified path starts with

If Domain Admin
   verify specified path starts with

If System Admin
   verify specified path actually exists

When adding files or directories chop of the last term, and verify the parent directory exists. Listing, reading or removing - verify the actual file or directory exists.

Reply via email to