On 10/20/06, Martin Schweizer <schweizer.martin@xxxxxxxxx> wrote: > Hello > > I use the following system: > > - FreeBSD 6.1 > - Sendmail > - Cyrus Imap > - Squirrelmail 1.48 (incl. plugin Change SASL Password ) > > As described in the Readme and in chgsaslpasswd.c > file (from the plugin directory) I set the following: > > > chgsaslpasswd.c > ******************* > ... > #define UID 60 > ... > > (UID 60 is the user cyrus) > > > chgsaslpasswd (compiled version) > *************************************** > - chmod to 4550 > - chown to cyrus:www > > (www is the apache group) > > -r-sr-x--- 1 cyrus www 5167 20 Okt 11:52 chgsaslpasswd > > > /usr/local/etc/sasldb2.db > *************************** > -rw-r--r-- 1 root cyrus 24576 20 Okt 11:46 sasldb2.db > > > With the above rights it will not work (these are the defaults). If I > set these to > > -rw-r--rw- 1 root cyrus 24576 20 Okt 11:46 sasldb2.db > > then it works (but is security hole). Well, if chgsaslpasswd is supposed to suid to cyrus, then rw-r--r-- root:cyrus should NOT have ability to change passwords, as expected. Why didn't you try rw-rw-r-- (664)? I dunno who else needs to see this file, but if you can get away with it, rw-rw---- (660) is even more secure. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
