Re: raw access to imap quotas, with mail user
On Mon, 2004-09-20 at 05:53, Felix Cuello wrote: > On Sun, Sep 19, 2004 at 09:26:42PM -0700, Carl P. Corliss wrote: > > Better yet, only update it when you absolute need to (meaning: only when > > you are checking mail or making a change to your mailbox by deleting, > > moving or renaming). That should work - of course providing your web portal > > is functioning as a mail client (checking mail/etc) and not -only- > > interacting with imap to retrieve the quota. > You are talking about some kind of triggers... but that's difficult because i > don't have source code of the Webmail imap program [my boss bought that a few > years ago]. You could setup an imapproxy and have the webmail connect to that. That is what I do with horde/imp to make it run MUCH faster. http://www.imapproxy.org/ This will save the relogin > regards, > > Félix -- Edward Rudd <[EMAIL PROTECTED]> Website http://www.outoforder.cc/ --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
On Sun, Sep 19, 2004 at 09:26:42PM -0700, Carl P. Corliss wrote: > Better yet, only update it when you absolute need to (meaning: only when > you are checking mail or making a change to your mailbox by deleting, > moving or renaming). That should work - of course providing your web portal > is functioning as a mail client (checking mail/etc) and not -only- > interacting with imap to retrieve the quota. You are talking about some kind of triggers... but that's difficult because i don't have source code of the Webmail imap program [my boss bought that a few years ago]. regards, Félix -- Felix Cuello [EMAIL PROTECTED] - 1512 - Always do right. This will gratify some people and astonish the rest. -- Mark Twain --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
Michael Loftis wrote: [snip] > Read it once, and then cache the result in the session information (or > even in a cookie) along with a 'freshness' -- and when the timeout has > expired, re-check it (say 1 minute, or five). Same thing with the LDAP > auth. Re-authing every single page load is not necessary. Better yet, only update it when you absolute need to (meaning: only when you are checking mail or making a change to your mailbox by deleting, moving or renaming). That should work - of course providing your web portal is functioning as a mail client (checking mail/etc) and not -only- interacting with imap to retrieve the quota. HTH, -- Carl --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
--On Sunday, September 19, 2004 21:10 -0300 Felix Cuello <[EMAIL PROTECTED]> wrote: On Sun, Sep 19, 2004 at 09:55:45PM -0500, Edward Rudd wrote: What's wrong with just making an imap connect to ask for the quota root? (you don't have to run cyradm to check quatas..) Is to slow to do that in every page viewed by users [login with ldap access, then check imap quota]. Because the requirement is "Show Mailbox Usage on everypage"... then i was using IMAP::Admin but i want to do that faster... then i wrote a simple C code to read user quota without IMAP access. That's all... but mail users don't have read access to /var/imap/quota. Read it once, and then cache the result in the session information (or even in a cookie) along with a 'freshness' -- and when the timeout has expired, re-check it (say 1 minute, or five). Same thing with the LDAP auth. Re-authing every single page load is not necessary. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
On Sun, 19 Sep 2004, Felix Cuello wrote: So write simple C code and exec it (and collect the result) from perl? That's the problem... PERL is running as apache access. I wrote C code and Right, that's why I suggested writing a C program, making it setuid and executing, not linking in via xs. Setuid makes it run as who you want, and life goes on. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
On Sun, Sep 19, 2004 at 10:49:03PM -0400, Derrick J Brashear wrote: > So write simple C code and exec it (and collect the result) from perl? That's the problem... PERL is running as apache access. I wrote C code and compile it [using h2xs] as PERL Package [because i don't want to do an exec]. The problem is that PERL is running as apache access, and this user is added to mail group, but mail group doesn't have access to /var/imap/quota. The C code implements a method in this package called: int percent( char* mailbox ) That returns percentaje used by the user on this mailbox. It works with cyrus/root access... but i need to access with mail user access. [i don't want to put apache into the cyrus access, just because i want to read quota, not the whole mailbox] regards, Felix -- Felix Cuello [EMAIL PROTECTED] - 1509 - Q: Why do WASPs play golf ? A: So they can dress like pimps. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
On Sun, Sep 19, 2004 at 09:55:45PM -0500, Edward Rudd wrote: > What's wrong with just making an imap connect to ask for the quota root? > (you don't have to run cyradm to check quatas..) Is to slow to do that in every page viewed by users [login with ldap access, then check imap quota]. Because the requirement is "Show Mailbox Usage on everypage"... then i was using IMAP::Admin but i want to do that faster... then i wrote a simple C code to read user quota without IMAP access. That's all... but mail users don't have read access to /var/imap/quota. regards, Félix -- Felix Cuello [EMAIL PROTECTED] - 1507 - You will live a long, healthy, happy life and make bags of money. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
On Sun, 2004-09-19 at 18:32, Felix Cuello wrote: > Hello, > >I wrote a small C program to access to quota files without ask cyrus. This >program run under mail group. >I noticed when something change in the mailbox [deleting mails, receiving >mails, etc] the /var/imap/quota permissions are resetted to: > >-rw--- cyrus.mail > >Then mail users can't have read access to this files and my C program >doesn't have read access to the files. > >It is possible to change that? Possible, yes, probable, no. It's kinda insecure to do that, and relies on the cyrus mail store being the same. it's better to go through the channels provided by cyrus and not bypass them and go directly to the store. What's wrong with just making an imap connect to ask for the quota root? (you don't have to run cyradm to check quatas..) >Thanks a lot, > >Félix > -- Edward Rudd <[EMAIL PROTECTED]> Website http://www.outoforder.cc/ --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
On Sun, Sep 19, 2004 at 10:15:20PM -0400, Derrick J Brashear wrote: > In general programs which access the mail store run as the cyrus user. > Inasmuch as this should be being done at all, your program should be > setuid cyrus. I don't think doing this is a good idea in general, though. Is a requirement to our Sutdents web portal, show mailbox usage of each users. All students web portal are written in PERL, but IMAP::Admin is a little bit slow just because it log as the cyrus admin [or the user] using LDAP and... that takes a lot of time. Then i wrote a simple C code and compile that as a PERL Package, then i have direct access to their quota. Apache user is in the mail group [i don't know why... but that's the true] and i want to run the PERL script with apache user rights [then mail rights]... i don't want to put apache into cyrus group, just because i don't want apache could be read mailboxes. That's the whole problem... thanks, Félix -- Felix Cuello [EMAIL PROTECTED] - 1506 - A gift of a flower will soon be made to you. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
On Sun, 19 Sep 2004, Felix Cuello wrote: Inasmuch as this should be being done at all, your program should be setuid cyrus. I don't think doing this is a good idea in general, though. Then i wrote a simple C code and compile that as a PERL Package, then i have direct access to their quota. Apache user is in the mail group [i don't know why... but that's the true] and i want to run the PERL script with apache user rights [then mail rights]... i don't want to put apache into cyrus group, just because i don't want apache could be read mailboxes. So write simple C code and exec it (and collect the result) from perl? --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: raw access to imap quotas, with mail user
On Sun, 19 Sep 2004, Felix Cuello wrote: Hello, I wrote a small C program to access to quota files without ask cyrus. This program run under mail group. I noticed when something change in the mailbox [deleting mails, receiving mails, etc] the /var/imap/quota permissions are resetted to: -rw--- cyrus.mail Then mail users can't have read access to this files and my C program doesn't have read access to the files. It is possible to change that? In general programs which access the mail store run as the cyrus user. Inasmuch as this should be being done at all, your program should be setuid cyrus. I don't think doing this is a good idea in general, though. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html