6 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Courier auth appl...
FromSent OnAttachments
Lindsay HaisleyJul 5, 2006 3:33 pm 
Alessandro VeselyJul 6, 2006 2:08 am 
AndrewJul 14, 2006 6:29 pm 
Sam VarshavchikJul 14, 2006 7:01 pm 
Charles FryJul 14, 2006 9:15 pm 
Sam VarshavchikJul 15, 2006 4:50 am 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [courier-users] Courier auth application ??Actions...
From:Charles Fry (cf@debian.org)
Date:Jul 14, 2006 9:15:20 pm
List:net.sourceforge.lists.courier-users

This is correct. The default configuration allows for a site-specified selection of the userid who will own everything. Creating a new "courier" userid is a valid option, but so is recycling some suitable stock system userid, such as "daemon". Ditto for the groupid. Notwithstanding the selected userid/groupid, the authdaemon socket has mode 777, while the ownership of the socket directory is set to the selected owner userid/groupid, and mode 750.

If prior to building the rpm you create a "courier" userid and groupid, that userid/groupid will take ownership of the authdaemon directory, and the other files, otherwise it's going to be "daemon".

Hmm. The current Debian package creates a socket directory with permissions 755. Is there any disadvantage to doing so? As far as I can tell it is not a security issue, since the old password is required to set the new password, unless repeated failed attempts to do so aren't throttled. I guess it might be a privacy issue because you could view userinfo for other users?

Charles

-- Old Dobbin reads these signs Each day You see, he gets His corn that way Burma-Shave http://burma-shave.org/jingles/1949/old_dobbin