Hello all,
I have sucsessfully set up a sqwebmail system using authvchkpw/vpopmail
authentication. However, I do have some question about security.
First of all, I have 5 processes called authdaemond.lda running under root and a
sqwebmail binary setuid as root. Is that really necearry? Other program's programs as
apache, mysql, named etc drops to a lover userlever after startup. Qmailadmin is
setuid under vpopmail which owns the directories and files that controll the email
system.) I tried to change ownership of the sqwebmail binary to vpopmail and fork the
authdaemond.lda prosess under the vpopmail user, but then I got a internal server
error which yellded
"setgid: Operation not permitted
[Wed Aug 1 16:11:02 2001] [error] [client 60.60.200.200] Premature end of script
headers: /home/www/default/webmail.domain.no/cgi-bin/sqwebmail" in the apache error
log."
Now my question is, is there anyone who have tempered with that before, have written a
howto or can give a brief explanation. I mean, since the ~vpopmail/ directory
structure are owned by vpopmail, and all the authentication goes through the
vpopmail/mysql system you shoulden't really need root access. If you authenticate
against /etc/shadow or similar the answer is obvius, but that is not the case here.
Any tought's about that issue, or is my assumptions wrong?
Sincerely David Karlsen
