Date:      Sat, 28 Jun 2003 15:08:02 +0100 (BST)
From:      Dominic Marks <dominic.marks@btinternet.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/53875: Maintainer Update: mail/dovecot
Message-ID:  <200306281408.h5SE82wS007986@cus.org.uk>
Resent-Message-ID: <200306281410.h5SEACKa081074@freefall.freebsd.org>


>Number:         53875
>Category:       ports
>Synopsis:       Maintainer Update: mail/dovecot
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 28 07:10:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Dominic Marks
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD moo.cus.org.uk 4.7-STABLE FreeBSD 4.7-STABLE #4: Wed Apr 16 15:13:46 BST 2003 root@moo.cus.org.uk:/usr/obj/usr/src/sys/BAA i386

	
>Description:
	mail/dovecot 0.99.10

	o Synchronise README.FreeBSD with current reality.
	o Improve security a little by adding a 'dovecot-auth'
	  user and group.

	Not really worth a PORTREVISION bump. The pkg-install could
	be simplified; the duplication was quick to do but is
	inefficient.

	
>How-To-Repeat:
	NA.

	
>Fix:

Index: pkg-install
===================================================================
RCS file: /vol/cvs/freebsd/ports/mail/dovecot/pkg-install,v
retrieving revision 1.2
diff -u -r1.2 pkg-install
--- pkg-install	3 May 2003 21:50:26 -0000	1.2
+++ pkg-install	28 Jun 2003 13:40:52 -0000
@@ -52,7 +52,7 @@
         fi
     fi
 
-    if /usr/sbin/pw user show "${USER}" 2>/dev/null; then
+    if /usr/sbin/pw usershow "${USER}" 2>/dev/null; then
         echo "You already have a user \"${USER}\", so I will use it."
     else
         if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
@@ -67,4 +67,34 @@
         fi
     fi
 
+    USER=dovecot-auth
+    GROUP=dovecot-auth
+
+    if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
+	echo "You already have a group \"${GROUP}\", so I will use it."
+    else
+	if /usr/sbin/pw groupadd ${GROUP} -h -
+	then
+	    echo "Added group \"${GROUP}\"."
+	else
+	    echo "Adding group \"${GROUP}\" failed..."
+	    echo "Please create it, and try again."
+	    exit 1
+        fi
+    fi
+
+    if /usr/sbin/pw usershow "${USER}" 2>/dev/null; then
+	echo "You already have a user \"${USER}\", so I will use it."
+    else
+	if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
+	   -s /sbin/nologin \
+	   -c "Dovecot Auth"
+        then
+	    echo "Added user \"${USER}\"."
+	else
+	    echo "Adding user \"${USER}\" failed..."
+	    echo "Please create it, and try again."
+	    exit 1
+        fi
+    fi
 fi
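Review bot: The added `pw useradd` call for dovecot-auth sets a shell and a comment but no home directory, so pw falls back to its configured default home path for an account that should never own files; adding `-d /nonexistent` to the continuation lines would make the intent explicit. The "You already have a user" branch also accepts any pre-existing dovecot-auth account as it is, without checking its shell or group, so a stale account with a login shell would end up running the auth process. `${USER}` and `${GROUP}` are quoted in the `groupshow`/`usershow` tests but unquoted in the `groupadd`/`useradd` calls, and the new lines mix tabs with the file's space indentation. The enclosing `if` opens outside this hunk.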
Index: files/README.FreeBSD
===================================================================
RCS file: /vol/cvs/freebsd/ports/mail/dovecot/files/README.FreeBSD,v
retrieving revision 1.1
diff -u -r1.1 README.FreeBSD
--- files/README.FreeBSD	3 May 2003 21:50:26 -0000	1.1
+++ files/README.FreeBSD	28 Jun 2003 13:46:48 -0000
@@ -4,13 +4,38 @@
 # $FreeBSD: ports/mail/dovecot/files/README.FreeBSD,v 1.1 2003/05/03 21:50:26 nork Exp $
 #
 
- o Dovecot currently will not allow users with a user or group id of 0
-   to login. Because of this you will not be able to open root's
-   mailbox, or any of the mailboxes of users in the wheel group. This is
-   intended as a security feature, and isn't an issue on Linux because
-   the concept of wheel is not enforced by GNU su.
+-> 2003/06/28 (NEW)
 
-  + 2003/04/15
+ o The authentication mechanism is different on FreeBSD 4 and 5.
+   For the default configuration set the following variables in
+   your dovecot.conf according to your version of FreeBSD.
+
+  + FreeBSD 4 (DEFAULT)
+
+    auth_passdb = passwd
+    auth_user = dovecot-auth
+
+  + FreeBSD 5
+
+    auth_passdb = pam *
+    auth_user = root
+
+-> 2003/04/15
+
+ o Dovecot will not allow users with a user or group id of 0 to
+   login. Because of this you will not be able to open root's
+   mailbox, or any of the mailboxes of users in the wheel group.
+
+  + 2003/06/28 (NEW)
+     Dovecot now has four configuration variables which allow you to
+     set the high and low boundaries for acceptable user and group ids.
+     You still can not login to root's mailbox with Dovecot however.
+     The default configuration which comes with the port is now
+     configured to accept connections from users in the wheel group,
+     my patch which added the allow_zero_gid variable below has been
+     removed. Update your configurations to match.
+
+  + 2003/04/15 (DEPRECIATED)
      It is now possible to change this behavior to allow wheel users to
      check their mailboxes with Dovecot. Add the following line to your
      dovecot.conf:
@@ -48,11 +73,14 @@
    The variables you will want to set in dovecot.conf to allow a SSL
    secured POP3 and IMAP service are:
 
-    + protocols = imap imaps pop3 pop3s
-    + ssl_disable = no
+    protocols = imap imaps pop3 pop3s
+    ssl_disable = no
 
    You may wish to also change the following variables to reflect the
    location of SSL certificates on your system.
    
-    + ssl_cert_file = /var/dovecot/ssl/certs/imapd.pem
-    + ssl_key_file = /var/dovecot/ssl/private/imapd.pem
+    ssl_cert_file = /var/dovecot/ssl/certs/imapd.pem
+    ssl_key_file = /var/dovecot/ssl/private/imapd.pem
+
+Thanks,
+Dominic Marks <dominic.marks@btinternet.com>
Index: files/patch-dovecot-example.conf
===================================================================
RCS file: /vol/cvs/freebsd/ports/mail/dovecot/files/patch-dovecot-example.conf,v
retrieving revision 1.5
diff -u -r1.5 patch-dovecot-example.conf
--- files/patch-dovecot-example.conf	27 Jun 2003 04:32:51 -0000	1.5
+++ files/patch-dovecot-example.conf	28 Jun 2003 13:46:11 -0000
@@ -1,5 +1,5 @@
 --- dovecot-example.conf.orig	Thu Jun 26 17:11:06 2003
-+++ dovecot-example.conf	Thu Jun 26 22:36:08 2003
++++ dovecot-example.conf	Sat Jun 28 14:45:41 2003
 @@ -7,11 +7,11 @@
  # --with-ssldir=/etc/ssl
  
@@ -71,7 +71,7 @@
  # Number of login processes to create. If login_process_per_user is
  # yes, this is the number of extra processes waiting for users to log in.
 -#login_processes_count = 3
-+login_processes_count = 1
++#login_processes_count = 1
  
  # Maximum number of extra login processes to create. The extra process count
  # usually stays at login_processes_count, but when multiple users start logging
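Review bot: The replacement line `+#login_processes_count = 1` leaves the setting commented out while showing a value of 1, whereas the upstream line it replaces shows 3. A commented-out entry in an example file reads as the built-in default (presumably still 3 here), so an administrator would be misled about how many login processes actually start. If the port no longer overrides the value, dropping this inner hunk from patch-dovecot-example.conf keeps the upstream `#login_processes_count = 3` intact; if 1 is still intended, the line should stay uncommented.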
@@ -213,7 +213,7 @@
  # password databases, nothing else. Only shadow and pam authentication
  # requires roots, so use something else if possible.
 -auth_user = root
-+auth_user = dovecot
++auth_user = dovecot-auth
  
  # Directory where to chroot the process. Most authentication backends don't
  # work if this is set, and there's no point chrooting if auth_user is root.
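Review bot: The shipped default `auth_user = dovecot-auth` matches only the FreeBSD 4 case, and nothing next to the setting says so. README.FreeBSD in this same submission states that FreeBSD 5 needs `auth_passdb = pam` with `auth_user = root`. An administrator whose logins fail is likely to switch the auth process back to root without knowing that only the pam backend requires it, so a comment above the line would help, for example `# FreeBSD 5 (auth_passdb = pam) needs auth_user = root; see README.FreeBSD`.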
	


>Release-Note:
>Audit-Trail:
>Unformatted:


