On Thursday, September 25, 2003, at 06:01 AM, Frank wrote:
I chmodded /vpopmail.mysql to 644, which got past the Permission denied error.
# chmod 644 vpopmail.mysql
This is a bad idea. Now, anyone on your system can read the mysql username and password and gain access to your entire vpopmail database. It should be owned correctly, and the programs that need to access it should be running as the correct username.
Please look at a previous message I sent you about making sure qmail-smtpd is running as the vpopmail user.
After checking that it got past the error, I noticed that the permissions
were set to root on the ~/etc directory. (Root seems to be the default
after installation ~ bug??)
# pwd
/usr/home/vpopmail
# ls -l
total 6
drwxr-xr-x  2 root      vchkpw  512 Sep 10 11:39 bin
drwxr-xr-x  4 root      vchkpw  512 Sep  7 10:10 doc
drwx------  4 vpopmail  vchkpw  512 Sep 25 06:17 domains
drwxr-xr-x  2 root      vchkpw  512 Sep  7 10:11 etc
drwxr-xr-x  2 root      vchkpw  512 Sep 10 11:39 include
drwxr-xr-x  2 root      vchkpw  512 Sep 10 11:39 lib
This might be a problem for updating the tcp.smtp file, but not for reading the vpopmail.mysql file.
It is the result of a bug, and it's been fixed in the CVS repository for fresh installs, but users will have to manually fix the permissions on their existing installs.
Here are the proper permissions:
chown vpopmail.vchkpw ~vpopmail/bin ~vpopmail/doc ~vpopmail/etc ~vpopmail/include
chmod 0755 ~vpopmail/bin ~vpopmail/doc ~vpopmail/etc ~vpopmail/include
The etc directory is probably the only one that matters because of the tcp.smtp file and its locks. I'm open to input from others on who should own bin, doc, include and lib. Perhaps root should be the only user with write access to those directories, and everyone else should have read access...
--
Tom Collins
[EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/
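
An added example, not part of the original message: a small POSIX shell audit for the two points in this thread, that vpopmail.mysql must not be readable by other users and should be owned by the account the mail programs run as, and that the listed directories should be vpopmail:vchkpw with mode 0755. The location of the file under etc/, the `VPOPMAIL_HOME` variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit the vpopmail credentials file and directories.
# Uses only `ls -ld`, so it behaves the same on BSD and GNU userlands.

# Echo "mode owner group" for a path, e.g. "-rw-r----- vpopmail vchkpw".
path_meta() {
    ls -ld -- "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# $1 = credentials file, $2 = expected owner.
# Fails when the owner is wrong or when "other" has any access at all.
check_cred_file() {
    [ -e "$1" ] || { echo "missing"; return 2; }
    meta=$(path_meta "$1")
    mode=${meta%% *}; rest=${meta#* }; owner=${rest%% *}
    other=$(printf '%s' "$mode" | cut -c8-10)   # the "other" rwx triad
    if [ "$owner" != "$2" ]; then echo "wrong-owner:$owner"; return 1; fi
    if [ "$other" != "---" ]; then echo "exposed-to-others:$other"; return 1; fi
    echo "ok"
}

# $1 = directory, $2 = expected owner, $3 = expected group; mode must be 0755.
check_dir() {
    [ -d "$1" ] || { echo "missing"; return 2; }
    meta=$(path_meta "$1")
    if [ "$meta" != "drwxr-xr-x $2 $3" ]; then echo "mismatch:$meta"; return 1; fi
    echo "ok"
}

# Assumption: install root as in the thread's pwd output; override via env.
VPOPMAIL_HOME=${VPOPMAIL_HOME:-/usr/home/vpopmail}
if [ -d "$VPOPMAIL_HOME" ]; then
    status=0
    # Assumption: the credentials file lives under etc/.
    printf 'vpopmail.mysql: '
    check_cred_file "$VPOPMAIL_HOME/etc/vpopmail.mysql" vpopmail || status=1
    for d in bin doc etc include; do
        printf '%s: ' "$d"
        check_dir "$VPOPMAIL_HOME/$d" vpopmail vchkpw || status=1
    done
    [ "$status" -eq 0 ] || echo "audit found problems" >&2
fi
```

A file left at mode 644 is reported as `exposed-to-others:r--`, which is the state the reply above warns about.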