Marc Zucchelli on 10 Mar 2006 19:52:39 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] user/group/security dilemma/problem with qmail


I applied the smtp-auth patch to qmail, and it relies
on an external program to actually check the password,
I set that to:
-rwxr-x---  1 root   cp       1208 2006-03-10 14:30
checkpassword.pl

qmail runs as user qmaild, and group nofiles.

I am using checkpassword.pl for the pop and imap
server as well, so I didnt want to give it an
ownership of qmaild, I thought it would be more
appropriate just to make a group cp, and make qmaild a
member of that group:

cp:x:1009:qmaild

When the permission of checkpassword.pl are 755 qmail
will run it, but 755 is no good, I wanted it to be
750, qmail will not run it when its 750.  I ran "id"
as qmaild:

#su - qmaild
#id
uid=300(qmaild) gid=300(nofiles)
groups=300(nofiles),1009(cp)

And I can run checkpassword.pl at 750 fine.

Next I set the checkpassword program qmail runs to
/usr/bin/id, and the output that gave me was:

uid=300(qmaild) gid=300(nofiles) groups=300(nofiles)

Why isnt it showing cp as one of the groups?  Is qmail
not changing correctly?

Thanks!

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug