Hash: SHA1

On 04/15/2011 09:47 AM, Johannes Weberhofer wrote:
>> Tools like vadddomain fails when called by a regular user (Error: Can
>> not make domains directory). I haven't checked for the other tools, but
>> I think no user except root can use those. So it could be good to change
>> permissions to 0750 root.root. It's a kind of security improvement, too.

Correct, users do not have the proper permissions to execute these
commands.  You may place any permissions on these files that you would
like.  Regular users (non-root, non-vpopmail, and non-vchkpw) cannot
execute these commands because they read/write resources their uid:gid
cannot access.

In 5.5, the binaries do not contain any sensitive information, so being
able to read or execute the binary as a regular user does not matter.

>> You don't see any issues on moving the binaries to /usr/sbin, so you?

Nope.  The binaries do not care where they are located.

>>>> Regarding the FHS, I think those binaries should be moved to /usr/sbin.
>>>> What do you think?
>>>> Regarding the documentation I'd recommend to change the examples to
>>>> install vpopmail into /var/lib/vpopmail, following the FHS 2.3
>>>> section 5.1.
> What examples are you referring to?
>> I had a look on doc/INSTALL.

I don't see any reference to FHS pathing in doc/INSTALL.  The only
change in 5.5 in regards to FHS, is that vpopmail will support alternate
pathing than the default "~vpopmail" style.

This was added to support FHS, but by default, vpopmail plans to
continue its default behavior of installing under the vpopmail user's
home directory.

Hope that helps!
- -- 
    Matt Brookings <m...@inter7.com>       GnuPG Key FAE0672C
    Software developer                     Systems technician
    Inter7 Internet Technologies, Inc.     (815)776-9465
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


Reply via email to