Re: [vchkpw] Problem with vadddomain -u and mysql authentication.

Thu, 25 Aug 2005 08:16:13 -0700 

On 2005-08-25, at 0900, Tijs Zwinkels wrote:



I am currently trying to use vpopmail 2.4.12 with mysql  
authentication.
I want to store the mail in the user-directories, to make mail  
count for the

system-quota's. Therefore i'm using the vadddomain -u flag.



you do realize that vpopmail stores an entire DOMAIN under one system  
userid, rather than each MAILBOX under its own system userid? the  
only reason for doing this is if you need a filesystem quota to  
control the domain at large, rather than (or in addition to) a  
separate quota for each mailbox.



i tried this once... if users have access to their Maildir, either  
through a shell or through FTP, they will find them and mess them up-  
deleting a "tmp" directory from a folder here, or deleting their  
Maildir in an attempt to "clean up their disk space"...



i found it easier to make a separate repository for mailboxes (say,  
inside of the vpopmail's home directory) and give each user two  
quotas- one for mail, and one for FTP and web stuff.



I'm getting errors about not being able to read the vpopmail.mysql  
file.



For domain created without the -u option, or if i make the  
vpopmail.mysql file

world readable, everything works fine.



normally this file has its ownership and permissions set so that it  
can only be read by the vpopmail user. if you're using specific  
system userid's for one or more domains, those userid's must also be  
able to read the file.



It seems that both qmailadmin and the delivery process 'setuid' to  
the user
that's receiving the mail. The problem is: the vpopmail.mysql file  
isn't

readable by 'normal' users.


ah. you already understand the problem them.


Nor i want it to be readable by my users: With the information in  
this file,

they could logon and alter the database for every user on the system!

Any ideas on how to handle this?


don't use separate system userid's for each domain.

--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/           <[EMAIL PROTECTED]> |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |
--------------------------------------------------





Attachment:
PGP.sig

Description: This is a digitally signed message part






















					Reply via email to