|Subject:||Re: [courier-users] courier-imap as non-root user +authuserdb|
|From:||Three Letter Acronym (tl...@spiderchain.com)|
|Date:||Jan 4, 2003 7:34:40 pm|
Brian Candler <B.Ca...@pobox.com> wrote:
On Fri, Jan 03, 2003 at 05:58:59PM -0800, Three Letter Acronym wrote:
Ah -- I don't have enough users to warrant running ldap...hence the attempt to get userdb to work... Do I interpret the above to mean that you have one user (exim) that owns all mail, and that users are restricted to their respective namespaces by the imap server?
Absolutely. If mail is owned by individual users then Courier has to run as root in order to have privileges to set its uid/gid appropriately for each mailbox.
I think I now understand what you are trying to do - deliver as user X (different from each user) and group G (same for each user), and have the mailserver run as group G.
In that case you could try -user=something -group=G in the TCPDOPTS, but you'll have other problems - for example the maildirs may have to be mode 0660 as you discovered. Courier imap itself creates folders (in imap and sqwebmail) so all that code would have to be changed too.
:P I was afraid something like that was the case....oh well....
I looked at trying to do that with Postfix, I couldn't figure out how to trick postfix into delivering mail as anything other than mode 0600, owned by the recipient.
Sorry I can't help there. In exim it's just "user = exim" on the transport. I did have a look at www.postfix.org but the documentation is massively incomplete - nothing about how to configure database lookups for example. I did notice this though:
"A default userid, default_privs, is used for deliveries to commands/files in root-owned aliases."
So maybe the solution is to set up an alias file with
and have it owned by root, and set default_privs to your imap user.
I hadn't thought of that...there may be some fine points there, but it's worth checking out. Thanks!
in your userdb?
I've tried that -- it can be done for one user, and only one (the userdb da tabase uses the uid as the key).
Erm, it wasn't like that when I played with it (a while ago though) - the key was the first item on the line, and the rest separated with a tab. e.g.
The trouble is that there is a second line: 1005=<tab>brian that maps the uid back to the username. This is what breaks userdb authentication for the imap-server-owns-all-mail option, since db will be confused by multiple mappings of the imap uid to usernames.
in which case I don't see why the same uid/gid can't be assigned to all users. You still have to work out how to make postfix do what you want though :-)
I think that if the userdb problem were solved, the MTA could be pursuaded to deliver mail such that it was owned by the imap server, and the non-root imapd + userdb scenario could be made to work.
Anyway, I think I've got all the info I need...thanks for your help! If the developers are watching, they might want to take a look at the userdb code and see if it's actually broken for a non-root imap daemon, or if I'm just ignorant of the fine points.
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf
_______________________________________________ courier-users mailing list cour...@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users