I have not tried chrooting either DNS or Apache. I assume that
chroot for DNS is probably easier than Apache serving multiple
sites. With Apache you can clearly demark each site's files and
hence chrooting may make sense, but with cyrus (imap/pop3)
it is little difficult to separate each user's files. Mailboxes and
configuration files are lumped together in various dir and to
separate them to chroot a user to an area of their own, is
probably not possible, because cyrus has no notion of
setting up of dir structures based on user ids.
I have not used squirrelmail, but used imp and is fairly
amenable to adaptation.
__
Seva
Steve Wright wrote:
> Cyrus will be installed (eventully) on our isp mail server.
> The current setup is such that apache & bind run chroot, therefor if
> compromised the attacker will only be allowed access to their separate
> directory structures.
> (eg bind compromised, /chroot/dns/ appears to be root, only
> subdirectorys thereof are at risk)
> Upon installation I wish the same to be true of Cyrus.
> The facilitys I require from Cyrus are pop3, imap & imap via ssl.
> Web based mail will be installed when the new system is operational, to
> deviate slightly has anyone had experience of SquirrelMail
> (www.squirrelmail.org), it appears to have a cleaner interface than imp
> & I will need to evalutate both products.
> I hope you may be able to provide me with help.
>
> Steve Wright
> Systems Administrator
>
> Seva Adari wrote:
>
> >Without knowing the reasons for why your are trying to chroot
> >cyrus, it is difficult to comment. I am not quite sure if chrooting
> >is relevant or is necessary at all for cyrus-imap!
> >
> >>From a security point of view cyrus is well designed to stay in
> >private ip space and serve the users. What you may want to do
> >is to allow interaction to cyrus via web interface, using for example
> >imp from www.horde.org or similar other applications.
> >__
> >Seva
> >
> >Steve Wright wrote:
> >
> >>This is probably not a very good question, but i'm new to cyrus.
> >>....
> >>I want to setup cyrus running in a chroot enviroment, am I correct in
> >>thinking all I need to do is move the binarys, librarys & config files
> >>inside a directory structure then "chroot /[dir.structure] master &" ?
> >>Or like postfix is there an option to run its child process(s) chroot ?
> >>
> >>Thanks
> >>Steve Wright
> >>
> >
> >
> >
