Re: [Courier-imap] Root privileges
From: <tre...@xh...> - 2003-07-29 16:35:50
> On Tue, Jul 29, 2003 at 05:06:42PM +0200, Vladimír Trebický wrote:
> > Hi,
> >
> > I want to ask, whether courier-imap must run as root? Eg. exim only start as
> > root, binds port 25 and drops its privileges. Courier either runs as root
> > completely (which isn't good) or as some 'mail' user but then it cannot bind
> > its ports. Is there any solution like exim has?
>
> courier-imap drops its privileges as soon as you have logged in. This is
> done in the authlib module (success.c calls libmail_changeuidgid)
>
> It must have root privs in order to switch user ID to the owner of the
> mailbox. Exim is the same; it must be run setuid root so that when starting
> a delivery process it can switch uid to the mailbox owner.

Well, exim has the suid root bit on its binary but most of the time runs as 'mail'. couriertcpd runs all the time as 'root'. I agree that courier must switch user ID but I don't know whether it is a reason to run as root. I think that setting suid root on the couriertcpd binary should be ok. Each instance should then drop its privileges to some 'mail' user except the one that should be able to switch IDs.

> If you are running a system where all mail is owned by a single user, you
> can run everything as that user instead of root: just set
>
> TCPDOPTS=".... -user=foobar"
>
> Regards,
>
> Brian.
>
> >
> > Thank you,
> > Vladimir Trebicky