we've got squirrelmail (all php) and cyrus21 running, and they
work like a dream. the not-so-dreamy part is when we try to give
users the option of changing their own passwords via the web
interface--
we did the standard (testing distro) "apt-get install
squirrelmail" to get it started, and then downloaded and
untarred one solitary plugin from squirrelmail.org -- which has
a teeny C program to run saslpasswd2 SUID user cyrus:
#include <stdio.h>
#include <unistd.h>
// set the UID this script will run as (cyrus user)
#define UID 109
// set the path to saslpasswd or saslpasswd2
#define CMD "/usr/sbin/saslpasswd2"
main(int argc, char *argv[])
{
int rc,cc;
cc = setuid(UID);
rc = execvp(CMD, argv);
if ((rc != 0) || (cc != 0))
{
fprintf(stderr,"__ %s: failed %d %d\n",argv[0],rc,cc);
exit(1);
}
}
that's the whole file! (where 109 is the uid in /etc/passwd for
user "cyrus".)
we installed libc6-dev, compiled the program and did
# chown cyrus.www-data chgsaslpasswd
# chmod 4550 chgsaslpasswd
# ls -F chgsaslpasswd
-r-sr-x--- 1 cyrus www-data 12346 Jun 17 18:51 chgsaslpasswd*
so it's runnable by apache (group www-data), and SUID to cyrus.
but, via apache, we see only:
[Thu Jun 17 21:15:19 2004] [notice] Apache/1.3.29 (Debian GNU/Linux) PHP/4.3.4
mod_ssl/2.8.16 OpenSSL/0.9.7c mod_perl/1.29 configured -- resuming normal operations
[Thu Jun 17 21:15:19 2004] [notice] suEXEC mechanism enabled (wrapper:
/usr/lib/apache-perl/suexec)
[Thu Jun 17 21:15:19 2004] [notice] Accept mutex: sysvsem (Default: sysvsem)
chgsaslpasswd: generic failure
fortunately (or not?) this is echoed when we try it from the
command line as user www-data (i.e. apache user):
# cd /usr/share/squirrelmail/plugins/chg_sasl_passwd
# su www-data
$ ./chgsaslpasswd -p pickauser
yyurYYUBicurYY4me
chgsaslpasswd: generic failure
of course, running this as user cyrus works fine (but we need it
to work for www-data, of course). is there something we're
missing in the SUID bits? why can't user www-data run this?
or, better yet, is there a debian-savvy "squirrelmail-plugins"
install method?
--
I use Debian/GNU Linux version 3.0;
Linux boss 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
DEBIAN NEWBIE TIP #73 from USM Bish <[EMAIL PROTECTED]>
:
Looking for a way to CAPTURE A TRANSCRIPT OF SOME COMMANDS?
Easy! To catch anything from the screen when it scrolls by,
use "script":
script file-to-save-transcript-in.txt
<command>
<command>
exit <== don't forget this!
(It spawns another shell, and displays everything so you can
work -- but it also saves the output in the file at the same
time.) Then "pager file-*transcript*" to review it. Or email it.
Or edit it for inclusion in a manual you're writing.
Also see http://newbieDoc.sourceForge.net/ ...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
