Date:      Sun, 23 Sep 2001 23:51:03 -0300
From:      "Mario Sergio Fujikawa Ferreira" <lioux@uol.com.br>
To:        Maxim Sobolev <sobomax@FreeBSD.org>
Cc:        dan@langille.org, ports@FreeBSD.org, kris@FreeBSD.org
Subject:   Re: qpopper and /etc/ftpusers
Message-ID:  <20010923235103.A18418@exxodus.fedaykin.here>
In-Reply-To: <200109210515.IAA76507@ipcard.iptcom.net>; from sobomax@FreeBSD.org on Fri, Sep 21, 2001 at 08:14:50AM +0300
References:  <3BA9FBF4.13773.89DF47D@localhost> <200109210515.IAA76507@ipcard.iptcom.net>


--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Sep 21, 2001 at 08:14:50AM +0300, Maxim Sobolev wrote:
> On Thu, 20 Sep 2001 14:23:48 -0400, Dan Langille wrote:
> > I don't see how POP is connected to ftp users?
> 
> /me too

	Okay. Let me begin with, I did not do it. :) It is not my
fault. Though, I don't think it was anybody's fault.
	I'd used qpopper for a long time and though not connected to
ftp users, the information sharing seemed quite interesting. It seemed
logical though not quite "correct".
	Nevertheless, I agree with the issue. I've been following
the thread waiting for a consensus and here goes my suggestion.

> > This from mail/qpopper/Makefile:
> > 
> > CONFIGURE_ARGS= --enable-apop=${PREFIX}/etc/qpopper/pop.auth \
> >                 --enable-nonauth-file=/etc/ftpusers \
> >                 --with-apopuid=pop --without-gdbm \
> >                 --enable-keep-temp-drop
> > 
> > Does it make sense to do things that way?  If an auth file is to be used at all, why not use one 
> > with an appropriate name (e.g. /etc/popusers).
> 

[snip]
 
> No, the current setup actually preserves the POLA (it had been that
> way since the beginning of time) - check cvs log for mail/qpopper/Makefile.
> However, it might be a good idea to actually bite the bullet and break that
> stupid POLA.
> 
> I would suggest to replace `--enable-nonauth-file=/etc/ftpusers' with
> something like `--enable-auth-file=/etc/pop3users'. Among other things,
> it would ensure that the default setup is the most secure.

	I am considering something on the lines of 

${PREFIX}/etc/qpopper/popusers

to uphold hier(7)

	Here is how I plan this:

	1) --enable-nonauth-file=${PREFIX}/etc/qpopper/popusers

	2) when installing:
	2.1) if there is no ${PREFIX}/etc/qpopper/popusers.sample:
		- if there is /etc/ftpusers, copy it to
		${PREFIX}/etc/qpopper/popusers.sample
		- if there is none, cp /dev/null
		${PREFIX}/etc/qpopper/popusers.sample

	2.2) if there is no ${PREFIX}/etc/qpopper/popusers
	( from a previous installation ),
	cp ${PREFIX}/etc/qpopper/popusers.sample \
		${PREFIX}/etc/qpopper/popusers

	3) when deinstalling:
	3.1) if ${PREFIX}/etc/qpopper/popusers.sample
	is exactly like ${PREFIX}/etc/qpopper/popusers,
	remove ${PREFIX}/etc/qpopper/popusers

	3.2) remove ${PREFIX}/etc/qpopper/popusers.sample
	
	popusers{,.sample} are being installed with

	user: pop
	group: daemon
	perms: 0444

	dir ${PREFIX}/etc/qpopper/ is

	user: pop
	group: daemon
	perms: 711

	Diffs to the port and a pkg-install are supplied for an
exemplification. I would like some input. Please test this and let
me know what you think, especially on the use of the system's
ftpusers to create the popusers.sample.  We could settle for an
empty file or supply with the ports within ${FILESDIR}.
	This is just a suggestion for a solution. All suggestions
are welcome.

	Regards,

-- 
Mario S F Ferreira - UnB - Brazil - "I guess this is a signature."
lioux at ( freebsd dot org | linf dot unb dot br )
flames to beloved devnull@someotherworldbeloworabove.org
feature, n: a documented bug | bug, n: an undocumented feature

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=patch

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/mail/qpopper/Makefile,v
retrieving revision 1.60
diff -u -r1.60 Makefile
--- Makefile	2001/09/10 00:06:05	1.60
+++ Makefile	2001/09/24 02:28:17
@@ -29,7 +29,7 @@
 CONFIGURE_ENV=	LIBS="-lmd -lutil" \
 		OS_DEFS="-DSETPROCTITLE ${OS_DEFS}"
 CONFIGURE_ARGS=	--enable-apop=${PREFIX}/etc/qpopper/pop.auth \
-		--enable-nonauth-file=/etc/ftpusers \
+		--enable-nonauth-file=${POPUSERS_FILE} \
 		--with-apopuid=pop --without-gdbm \
 		--enable-keep-temp-drop
 
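Review bot: The changed line keeps --enable-nonauth-file, so ${POPUSERS_FILE} is still a list of accounts to refuse and every account not named in it is accepted. Because install-conf-file can create the sample from /dev/null, a host without /etc/ftpusers ends up with an empty deny list; say so in pkg-message, or ship a seeded list from ${FILESDIR}, or switch to the allow-list form (--enable-auth-file) suggested earlier in the thread.
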
@@ -37,6 +37,16 @@
 
 MAN8=		qpopauth.8 qpopper.8
 
+# internal configuration
+POP_USER=	pop
+POP_GROUP=	daemon
+POP_MODE_DIR=	711
+POP_MODE_CONF=	444
+POPUSERS_FILE=	${PREFIX}/etc/qpopper/popusers
+SAMPLE_EXT=	.sample
+#
+PKGDEINSTALL=	${PKGINSTALL}
+
 pre-fetch:
 .if defined(APOP_ONLY)
 	@${ECHO_MSG} "==> The APOP_ONLY option is deprecated, please use"
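Review bot: POP_USER=pop makes the deny list owned by the same account named in --with-apopuid=pop, so POP_MODE_CONF=444 does not stop that account from changing the file's mode and rewriting it; installing the file owned by root would keep the list out of the daemon account's control. POP_MODE_DIR=711 is also looser than the "chmod 700" that pkg-plist applied to the same directory, which holds pop.auth (see --enable-apop): add a comment saying why others need search permission there, or keep 700. The bare "#" before PKGDEINSTALL could say that the one script handles both install and deinstall.
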
@@ -111,8 +121,24 @@
 .if defined(WITH_POPPASSD)
 	${INSTALL_PROGRAM} ${WRKSRC}/password/poppassd ${PREFIX}/libexec/qpoppassd
 .endif
+	@${INSTALL} -d -o ${POP_USER} -g ${POP_GROUP} -m ${POP_MODE_DIR} \
+		${PREFIX}/etc/${PORTNAME}
 
-post-install:
+post-install: install-conf-file
 	@${SED} -e "s:/usr/local:${PREFIX}:g" ${PKGMESSAGE}
+
+# based on original from op port, written by Cyrille Lefevre
+# <clefevre@citeweb.net>
+install-conf-file:
+	@if [ ! -f ${CONF_DIR}/${CONF_FILE}${SAMP_SUFX} ]; then \
+		if [ -f /etc/ftpusers ]; then \
+			${INSTALL} -c -o ${POP_USER} -g ${POP_GROUP} -m ${POP_MODE_CONF} \
+				/etc/ftpusers ${POPUSERS_FILE}${SAMPLE_EXT} ; \
+		else \
+			${CP} /dev/null ${POPUSERS_FILE}${SAMPLE_EXT} ; \
+		fi ; \
+	fi
+	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} \
+		${PKGINSTALL} ${PKGNAME} POST-INSTALL
 
 .include <bsd.port.post.mk>
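Review bot: The guard at the top of install-conf-file tests ${CONF_DIR}/${CONF_FILE}${SAMP_SUFX}, but those names are defined only in pkg-install; this Makefile defines POPUSERS_FILE and SAMPLE_EXT. Unless they are set elsewhere, the test does not look at the sample file at all and the sample is reinstalled on every run. Test [ ! -f ${POPUSERS_FILE}${SAMPLE_EXT} ] instead. The ${CP} /dev/null branch also skips the owner, group and mode that the /etc/ftpusers branch sets through ${INSTALL}; use the same ${INSTALL} -c -o/-g/-m call with /dev/null as the source so both branches produce the same permissions.
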
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/mail/qpopper/pkg-plist,v
retrieving revision 1.14
diff -u -r1.14 pkg-plist
--- pkg-plist	2001/07/26 06:26:19	1.14
+++ pkg-plist	2001/09/24 02:28:17
@@ -3,5 +3,5 @@
 @exec ln -sf %D/bin/qpopauth %D/bin/qapopauth
 libexec/qpopper
 %%EPOPPASSD%%libexec/qpoppassd
-@dirrm etc/qpopper
-@exec mkdir -p %D/etc/qpopper && chown pop:daemon %D/etc/qpopper && chmod 700 %D/etc/qpopper
+etc/qpopper/popusers.sample
+@unexec rmdir %D/etc/qpopper 2>/dev/null || echo "If you are permanently removing this port, you should do a ``rm -rf ${PKG_PREFIX}/etc/qpopper`` to remove any configuration files and logs left." | fmt
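Review bot: Removing the "@exec mkdir -p ... chown pop:daemon ... chmod 700" line leaves the owner and mode of etc/qpopper to the ${INSTALL} -d call in the port Makefile, which is a port build step and is not run when a prebuilt package is added; the POST-INSTALL case in pkg-install does not create or chown the directory either. Keep an @exec (or add the step to pkg-install) so package installs get the same directory permissions as port installs. In the @unexec message, the doubled backquotes sit inside a double-quoted shell string, so the text relies on each pair expanding to nothing; single quotes around the rm command are safer, and %D would match the rest of the file where the message uses ${PKG_PREFIX}.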

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=pkg-install

#!/bin/sh
# $FreeBSD$

# based on original from op port, written by Cyrille Lefevre
# <clefevre@citeweb.net>

[ $# != 2 ] && exit 1
PKGNAME=$1
ACTION=$2

CONF_DIR=${PKG_PREFIX}/etc/qpopper

CONF_FILE=popusers
CONF_OWN=pop
CONF_GRP=daemon
CONF_MODE=444

SAMP_SUFX=.sample

INSTALL=install
CMP=cmp
RM=rm

case "$ACTION" in

POST-INSTALL)
	# Keep an existing list from a previous installation; otherwise
	# seed it from the sample file.
	if [ -f "${CONF_DIR}/${CONF_FILE}" ]; then
		echo "$PKGNAME: Will not overwrite existing ${CONF_DIR}/${CONF_FILE} file."
	else
		${INSTALL} -c -o "${CONF_OWN}" -g "${CONF_GRP}" -m "${CONF_MODE}" \
			"${CONF_DIR}/${CONF_FILE}${SAMP_SUFX}" \
			"${CONF_DIR}/${CONF_FILE}"
	fi
	;;

DEINSTALL)
	# Remove the list only if it is still identical to the sample,
	# i.e. the administrator never edited it.
	if ${CMP} -s "${CONF_DIR}/${CONF_FILE}${SAMP_SUFX}" \
		  "${CONF_DIR}/${CONF_FILE}"; then
		${RM} -f "${CONF_DIR}/${CONF_FILE}"
	else
		echo "$PKGNAME: Will not remove existing ${CONF_DIR}/${CONF_FILE} file."
	fi
	;;

PRE-INSTALL|POST-DEINSTALL)
	;;

*)
	exit 1
	;;
esac

exit

--ZPt4rx8FFjLCG7dd--
