On Monday 10 September 2001 10:51, Amos Gouaux wrote:
> >>>>> On Mon, 10 Sep 2001 16:31:49 +0200 (CEST),
> >>>>> Tarjei Huse <[EMAIL PROTECTED]> (th) writes:
>
> th> - cyrus-imapd-2.0.16 doesn't set process ids correctly;
> th> it only sets uid, not gid, neither supplementary gids
> th> - detected by [EMAIL PROTECTED] (Cheng-Jih Chen), when trying
> the th> "chgrp shadow /etc/shadow; chmod g+s /etc/shadow; add cyrus
> to shadow th> group"
> th> trick to let cyrus to read /etc/shadow
>
> Gee, so much work. Just use pwcheck, or better yet saslauthd.
Some people prefer not to use pwcheck due to security concerns, and
some RPMs (such as Red Hat's) do not even include pwcheck for that
reason. Rather than dinker with yet another daemon with root
privileges, it seems less risky to just set a single line in
/etc/imapd.conf and do the permissions thing.
BTW, the "chgrp shadow" trick still works in 2.0.16 if you do a "chmod
g+s /usr/cyrus/bin/imapd" after making sure that executable belongs to
group shadow.
Chris
