Date: Sun, 24 Jul 2005 22:06:01 +0200
From: Jose M Rodriguez <josemi@freebsd.jazztel.es>
To: Yarema <yds@coolrat.org>
Cc: ports@freebsd.org, Oliver Lehmann <oliver@freebsd.org>
Subject: Re: security/courier-authlib and courier user
Message-ID: <200507242206.02218.josemi@redesjm.local>
In-Reply-To: <D8FEAD2A55A14B6EC96CC90C@tuber.coolrat.org>
References: <200507241509.44752.josemi@redesjm.local> <200507241644.15692.josemi@redesjm.local> <D8FEAD2A55A14B6EC96CC90C@tuber.coolrat.org>

On Sunday, 24 July 2005 20:43, Yarema wrote:
> --On Sunday, July 24, 2005 16:44:14 +0200 Jose M Rodriguez
> <josemi@freebsd.jazztel.es> wrote:
> > On Sunday, 24 July 2005 15:29, Oliver Lehmann wrote:
> >> Jose M Rodriguez wrote:
> >> > Hi,
> >> >
> >> > After using courier-authlib with maildrop (from sendmail) and
> >> > courier-imap, I can't see any reason to have a courier user.
> >> >
> >> > This seems more a need of the courier mailer, and maybe of the
> >> > tarball build/install system (I doubt).
> >> >
> >> > So, I'm thinking about the convenience of not doing any courier
> >> > user work and doing a rcNg for the courier mailer that fires up all
> >> > the components (and not using courier-authlib rcNG for courier
> >> > mailer). I think the courier user only matters to the courier
> >> > mailer.
> >>
> >> "For the Courier mail server, /var/run/courier/authdaemon should
> >> be owned by the userid that Courier is installed under, and it
> >> must be readable and writable by the Courier user and group (but
> >> no world permissions)."
> >>
> >> How can I do this if I don't create the courier user with
> >> courier-authlib?
> >
> > First, this needs testing, but I think that the real problem is
> > using /usr/local/etc/rc.d/courier-authdaemond.sh with courier
> > mailer.
> >
> > I think courier mailer users must maintain
> > courier_authdaemond_enable to NO and embed
> > /usr/local/etc/rc.d/courier-authdaemond.sh functionality in its own
> > rc script.
> >
> > This makes more sense with the closed concept of the courier mailer.
> >
> > Also thinking of supporting ${courier_authdaemond_user:=root}
> > in /usr/local/etc/rc.d/courier-authdaemond.sh
> >
> > --
> > josemi
>
> First let me quote the relevant portion of
> http://www.Courier-MTA.org/authlib/INSTALL.html then I'll add my
> thoughts on this.
> <snip/>
> In the all inclusive courier MTA having the courier-authlib config
> files owned by UID/GID "courier" allows the webadmin CGI to be used
> to administer all things courier including courier-authlib. But more
> importantly having user "courier" improves security by sandboxing
> the daemons into running under a UID/GID not used by anything else.
> Yes, according to the docs above we could use user "daemon" or any
> number of other pre-existing UIDs. But that goes against the thinking
> of current security practice that having daemons with any security
> implications run under a sandbox UID/GID is a Good Thing. I mean,
> the OpenBSD folks go to great lengths to include privilege separation
> into everything they run just in case there might be a vulnerability
> which could wreak havoc if the daemon was running with root
> privileges. Also look at how the functionally closest package to
> courier-authlib does things: cyrus-sasl installs and uses UID/GID
> cyrus. And again the main reason is sandboxing or privilege
> separation if you will.

config (${PREFIX}/etc) owned by courier seems a good point to maintain
things as used now.

--
josemi
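
The following is an added example, not part of the original thread or of the courier-authlib port: a POSIX sh check of the socket directory against the INSTALL requirement quoted above (owned by the Courier user, read/write for user and group, no world permissions). The function name `check_authdaemon_dir` is hypothetical; the default path, user and group are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the authdaemon socket directory
# against the INSTALL text quoted above. check_authdaemon_dir is a
# hypothetical helper; the default path, user and group come from the thread.

check_authdaemon_dir() {
    dir=${1:-/var/run/courier/authdaemon}
    want_user=${2:-courier}
    want_group=${3:-courier}

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    # POSIX "ls -ld" output: mode string, link count, owner, group, ...
    read -r mode _links owner group _rest <<EOF
$(ls -ld "$dir")
EOF

    rc=0
    [ "$owner" = "$want_user" ] ||
        { echo "FAIL: owner is $owner, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "FAIL: group is $group, expected $want_group"; rc=1; }

    # "readable and writable by the Courier user and group"
    case $mode in
        drw?rw?*) ;;
        *) echo "FAIL: user and group both need rw ($mode)"; rc=1 ;;
    esac

    # "but no world permissions": the last triplet must be empty
    case $mode in
        d??????---*) ;;
        *) echo "FAIL: 'other' triplet is not empty ($mode)"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $dir $mode $owner:$group"
    return "$rc"
}
```

Called with no arguments it checks `/var/run/courier/authdaemon` for `courier:courier`; pass a different user and group as the second and third arguments when the daemon runs under another sandbox account.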