Re: checkpoppasswd permissions problems

1999-02-28 Thread Paul Gregg

Sorry - I just saw this by searching the newsgroup for my name

In article [EMAIL PROTECTED] you wrote:
 This is really directed more toward Paul Gregg [EMAIL PROTECTED], but I
 thought the whole list might get some benefit from my mistakes.

 I'm using your checkpoppasswd program derived from the checkpasswd of
 Jedi/Sector One. I've modified it by putting more intuitive messages into
 the syslog messages and got it working, authenticating users at one point,
 but now it's failing with the log message "Couldn't setgid (888)." I'm
 running qmail-pop3d.init with the uid and gid of the qmaild user (81 and 80
 respectively). It was originally root, but I thought that might be a security
 hazard and changed it to the same uid/gid of the other qmail servers. Is
 there a valid reason for having qmail-pop3d run as root? Is it because
 qmail-pop3d has to be able to delete files owned by others? I put qmaild into
 the popuser group (888) but it still failed at the same point.

 Anyone, please advise.

Looks like there is a bit of a mix up here...

You would normally run qmail-popup as root, which would then run checkpoppasswd
as root.
checkpoppasswd checks your password against the poppasswd file and ascertains
the userid and gid of the user which has just logged in.  checkpoppasswd
then sets the uid/gid of itself to that user.  In my single uid system the
uid/gid is always 888/888 (but the numbers are really up to you).
checkpoppasswd then sets USER, HOME and SHELL and runs qmail-pop3d under the
uid of the logged in user.

Because the single UID system should always run as uid 888 then you can
happily run qmail-popup via tcpserver with -u888 -g888 if you wish.

I don't because there's no need to.

Paul.
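
The sequence described in the reply above (start as root, switch gid and uid to the POP user, set USER, HOME and SHELL, then run the POP3 daemon), as an added example that is not part of the original thread and is not checkpoppasswd's own source. The names `drop_privileges` and `ids_match` and the environment values are assumptions made for illustration; started from a non-root account, the first step fails, which is the "Couldn't setgid (888)" case.

```c
/* Added example: root-to-user privilege drop, then exec of the next program. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_ERR_SETGID, DROP_ERR_SETGROUPS,
                   DROP_ERR_SETUID, DROP_ERR_VERIFY };

/* Returns 1 only if both real and effective ids equal the target. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Group ids must change while still root: once setuid() has moved the
   process to a non-root uid, setgid()/setgroups() are refused. Being a
   supplementary member of the target group does not permit setgid(). */
enum drop_result drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)        return DROP_ERR_SETGID;    /* non-root stops here */
    if (setgroups(1, &gid) != 0) return DROP_ERR_SETGROUPS; /* shed root's groups */
    if (setuid(uid) != 0)        return DROP_ERR_SETUID;
    if (!ids_match(uid, gid))    return DROP_ERR_VERIFY;
    if (uid != 0 && setuid(0) == 0) return DROP_ERR_VERIFY; /* root must be gone */
    return DROP_OK;
}

int main(int argc, char **argv)
{
    const uid_t uid = 888;   /* single-uid setup from the post */
    const gid_t gid = 888;
    enum drop_result r = drop_privileges(uid, gid);
    if (r != DROP_OK) {
        fprintf(stderr, "drop failed at step %d (euid=%ld)\n", (int)r, (long)geteuid());
        return 1;
    }
    /* Constructed values; a real checker takes them from its password file. */
    setenv("USER", "popuser", 1);
    setenv("HOME", "/path/to/mailbox/home", 1);
    setenv("SHELL", "/bin/false", 1);
    if (argc > 1) execvp(argv[1], argv + 1);  /* e.g. qmail-pop3d Maildir */
    return 1;                                 /* exec failed or nothing to run */
}
```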



checkpoppasswd permissions problems

1999-02-03 Thread Matt Garrett

This is really directed more toward Paul Gregg [EMAIL PROTECTED], but I
thought the whole list might get some benefit from my mistakes.

I'm using your checkpoppasswd program derived from the checkpasswd of
Jedi/Sector One. I've modified it by putting more intuitive messages into
the syslog messages and got it working, authenticating users at one point,
but now it's failing with the log message "Couldn't setgid (888)." I'm
running qmail-pop3d.init with the uid and gid of the qmaild user (81 and 80
respectively). It was originally root, but I thought that might be a security
hazard and changed it to the same uid/gid of the other qmail servers. Is
there a valid reason for having qmail-pop3d run as root? Is it because
qmail-pop3d has to be able to delete files owned by others? I put qmaild into
the popuser group (888) but it still failed at the same point.

Anyone, please advise.
--
Matt Garrett, Network Engineer
Superior Open Systems
[EMAIL PROTECTED]