On Thu, Mar 18, 2004 at 11:47:34AM -0800, Noel Burton-Krahn wrote:
> I assume that sqwebmaild was made to avoid the problems of running sqwebmail
> as a setuid binary.  But my setup requires that feature.  I let Apache take
> care of user authentication and access control.  I use Apache::AuthKrb5AFS
> so my Apache acquires KRB5 tokens and AFS permissions before executing CGI
> scripts.  That lets the old CGI sqwebmail inherit AFS permission from Apache
> and access users' mail directories in AFS without having to run setuid.  The
> new daemon sqwebmail can't get KRB5 tokens from Apache (since it's in another
> process space) and thus can't get into user home dirs.
> 
> So, how do I make sqwebmaild act like the old sqwebmail CGI?

Can you define how AFS permissions are 'inherited' by the process? If they
are just strings put in environment variables, you can extend the list of
environment variables which are passed to sqwebmaild from the CGI.

Otherwise, I think you're out of luck...

Cheers,

Brian.
