> This is correct. The default configuration allows for a site-specified > selection of the userid who will own everything. Creating a new "courier" > userid is a valid option, but so is recycling some suitable stock system > userid, such as "daemon". Ditto for the groupid. Notwithstanding the > selected userid/groupid, the authdaemon socket has mode 777, while the > ownership of the socket directory is set to the selected owner > userid/groupid, and mode 750. > > If prior to building the rpm you create a "courier" userid and groupid, > that userid/groupid will take ownership of the authdaemon directory, and > the other files, otherwise it's going to be "daemon".
Hmm. The current Debian package creates a socket directory with permissions 755. Is there any disadvantage to doing so? As far as I can tell it is not a security issue, since the old password is required to set the new password, unless repeated failed attempts to do so aren't throttled. I guess it might be a privacy issue because you could view userinfo for other users? Charles -- Old Dobbin reads these signs Each day You see, he gets His corn that way Burma-Shave http://burma-shave.org/jingles/1949/old_dobbin ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
