Re: [qmailadmin] Invalid Login
--- Jeremy Kitchen [EMAIL PROTECTED] wrote: On Wed, 2004-03-24 at 22:29, ep wrote: Hi, after I add a new domain via vpopmail, like this: ~vpopmail/bin/vadddomain -i 510 -d 510 somedomain.com password123 i cannot log in with this domain in qmailadmin! if i leave out the -i and -d flags arguments, it works, but i want to store the domains directory under the home dir of a specific user on the system, not under vpopmail's home dir. so i add the -i and -d, w/ vadddomain. it creates the dir's and files in 510's home dir, it adds the info in qmail's assign file, but no success logging in as postmaster with qmailadmin. what is the prob? permissions. qmailadmin by default is setuid vpopmail. The vpopmail user doesn't have access to read the files you created with vadddomain under the different uid/gid. solution: make qmailadmin setuid root -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE hi, thanks for the response. i'm still having trouble with this. how exactly do I make qmailadmin setuid root? is it something i have to do at compile time? right now, qmailadmin is located in my web server's cgi-bin and is chown root.root and chmod 6755. apache runs as nobody/nobody. i created a tiny php script in the same cgi-bin to setuid root and then display the current uid. i set the same permissions on this php script (owned by root/root, 6755). it displayed 99 (nobody). my apache has suexec, but no User/Group directives in the VirtualHost part, so it defaults to running scripts as nobody/nobody. ~ep
Re: [qmailadmin] Invalid Login
how to run this command it says # make qmailadmin setuid rootmake: *** No rule to make target `setuid'. Stop. rgds, Satinder Pal Singh - Original Message - From: "Jeremy Kitchen" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 25, 2004 10:06 AM Subject: Re: [qmailadmin] "Invalid Login" On Wed, 2004-03-24 at 22:29, ep wrote: Hi, after I add a new domain via vpopmail, like this: ~vpopmail/bin/vadddomain -i 510 -d 510 somedomain.com password123i cannot log in with this domain in qmailadmin! if i leave out the -i and -d flags arguments, it works, but i want to store the "domains" directory under the home dir of a specific user on the system, not under vpopmail's home dir. so i add the -i and -d, w/ vadddomain. it creates the dir's and files in 510's home dir, it adds the info in qmail's "assign" file, but no success logging in as postmaster with qmailadmin. what is the prob? permissions. qmailadmin by default is setuid vpopmail. The vpopmail user doesn't have access to read the files you created with vadddomain under the different uid/gid. solution: make qmailadmin setuid root -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
[qmailadmin] New Aliases option in Qmailadmin 1.2.0
Hello, I've seen that this topic has been discussed in a few other threads, which were explaining that qmailadmin 1.2.0 doesnt feature the New Aliases option anymore, but that was about it, I couldn't find a solution for this: I'd like to prevent users to create non-local forwards, while letting them add local ones... Is there any other way to do it with the stable qmailadmin ? If not, will this feature get back in the upcoming releases ? I'm asking that because I'm badly missing it and I need to know if it's worth trying to find/build a replacement for qmailadmin, this is actually its only drawback to me. Kind Regards, Renaud
Re: [qmailadmin] Invalid Login
On Thu, 2004-03-25 at 02:45, ep wrote: solution: make qmailadmin setuid root hi, thanks for the response. i'm still having trouble with this. how exactly do I make qmailadmin setuid root? chmod 4711 qmailadmin is it something i have to do at compile time? it might be a ./configure option, but manually modifying the permissions is ok. right now, qmailadmin is located in my web server's cgi-bin and is chown root.root and chmod 6755. apache runs as nobody/nobody. ok i created a tiny php script in the same cgi-bin to setuid root and then display the current uid. depending entirely on your configuration, php scripts are probably not executed as cgi, and therefore setuid bit doesn't matter. They're probably interpreted by mod_php. my apache has suexec, but no User/Group directives in the VirtualHost part suexec might complicate things. You are now beyond scope of this mailing list. so it defaults to running scripts as nobody/nobody. php scripts, yes, because they're not likely executed as cgi programs. In which case they probably wouldn't be run setuid anyway. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [qmailadmin] Invalid Login
I think I've found a solution, although it might not be the best. It is the only thing I could think of right now. If anyone has a better idea, let me know: It was indeed a problem with permissions. I had to chown root.root on qmailadmin. but that wasn't all. In qmail's assign file, the uid/gid of the domain i added (w/ vadddomain -i 510 -g 510 newdomain.com password123) was 510/510. I think when i try to login with qmailadmin under that domain, it setuid's to 510/510, and so it wasn't able to read the vital file ~vpopmail/etc/vpopmail.mysql (since it's only readable by user vpopmail). i know this because i see this in apache's error_log: vmysql: can't read settings from /usr/local/vpopmail/etc/vpopmail.mysql vmysql: sql error[3]: MySQL server has gone away the stupid solution is to chmod 644 the vpopmail.mysql file, although it works. another solution would be to change the uid/gid for that domain in qmail's assign file to 89/89 (vpopmail's uid/gid) and then chown vpopmail.vchkpw the domains dir in 510/510's home dir AND the home dir itself (or chmod 744 510/510's home dir). i don't like this solution either as i want to keep 510/510's home dir owned by that user AND have 700 permission for privacy. so the only other solution which i could think of was to set that domain's uid/gid as 0/0 in qmail's assign file. now, what kind of security risks could this setup pose? i'm brand new to qmail, so i'm not sure (just installed it a few days ago). Another question: what is the difference between the -u and -i/-g flags when running the vadddomain? they seem to do the same things. I know this isn't the vpopmail mailing list, so you don't have to respond. (ps Oh yeah, and my PHP/apache setup is like this: not as an apache mod but as CGI/FastCGI, so suexec not only affects all CGI scripts, but also PHP scripts. however, suexec seems to be totally irrelevant to the invalid login problem.)
Re: [qmailadmin] New Aliases option in Qmailadmin 1.2.0
--- Renaud [EMAIL PROTECTED] wrote: Hello, I've seen that this topic has been discussed in a few other threads, which were explaining that qmailadmin 1.2.0 doesnt feature the New Aliases option anymore, but that was about it, I couldn't find a solution for this: I'd like to prevent users to create non-local forwards, while letting them add local ones... Is there any other way to do it with the stable qmailadmin ? If not, will this feature get back in the upcoming releases ? I'm asking that because I'm badly missing it and I need to know if it's worth trying to find/build a replacement for qmailadmin, this is actually its only drawback to me. Kind Regards, Renaud if you use mysql-enabled vpopmail, you can create a PHP (or perl) script to insert a new entry into the valias table.
RE: [qmailadmin] problems with ssl
SOLVED. if you have problems with qmailadmin or another cgi), and ssl support, try with: SSLOptions +StdEnvVars in cgi-bin/qmailadmin Regards Andrea
Re: [qmailadmin] Invalid Login
On Wed, 24 Mar 2004, Jeremy Kitchen wrote: permissions. qmailadmin by default is setuid vpopmail. The vpopmail user doesn't have access to read the files you created with vadddomain under the different uid/gid. solution: make qmailadmin setuid root Just understand the security ramifications of making a slightly messy bit of C code running as root accessible to the world. It's not something I'd really entertain on a box I care about. Why are you making your domain users with ids other than vpopmail? Thanks, Charles -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE