
can't change saslpasswd2 via squirrelmail plugin



we've got squirrelmail (all php) and cyrus21 running, and they
work like a dream. the not-so-dreamy part is when we try to give
users the option of changing their own passwords via the web
interface--

we did the standard (testing distro) "apt-get install
squirrelmail" to get it started, and then downloaded and
untarred one solitary plugin from squirrelmail.org -- which has
a teeny C program to run saslpasswd2 SUID user cyrus:

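    #include <stdio.h>
    #include <stdlib.h>   // exit()
    #include <unistd.h>   // setuid(), execvp()

    // set the UID this script will run as (cyrus user)
    #define UID 109
    // set the path to saslpasswd or saslpasswd2
    #define CMD "/usr/sbin/saslpasswd2"

    int main(int argc, char *argv[])
    {
        int rc, cc;

        (void)argc;   // only argv is passed on

        // switch to the cyrus user; do not exec if that fails
        cc = setuid(UID);
        if (cc != 0)
        {
            fprintf(stderr, "__ %s:  setuid failed %d\n", argv[0], cc);
            exit(1);
        }

        // execvp() returns only if the exec itself failed
        rc = execvp(CMD, argv);
        fprintf(stderr, "__ %s:  failed %d  %d\n", argv[0], rc, cc);
        exit(1);
    }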

that's the whole file! (where 109 is the uid in /etc/passwd for
user "cyrus".)

we installed libc6-dev, compiled the program and did

    # chown cyrus.www-data chgsaslpasswd
    # chmod 4550 chgsaslpasswd
    # ls -F chgsaslpasswd
    -r-sr-x---  1 cyrus  www-data  12346 Jun 17 18:51 chgsaslpasswd*

so it's runnable by apache (group www-data), and SUID to cyrus.

but, via apache, we see only:

    [Thu Jun 17 21:15:19 2004] [notice] Apache/1.3.29 (Debian GNU/Linux) PHP/4.3.4 mod_ssl/2.8.16 OpenSSL/0.9.7c mod_perl/1.29 configured -- resuming normal operations
    [Thu Jun 17 21:15:19 2004] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache-perl/suexec)
    [Thu Jun 17 21:15:19 2004] [notice] Accept mutex: sysvsem (Default: sysvsem)
    chgsaslpasswd: generic failure

fortunately (or not?) this is echoed when we try it from the
command line as user www-data (i.e. apache user):

    # cd /usr/share/squirrelmail/plugins/chg_sasl_passwd
    # su www-data
    $ ./chgsaslpasswd -p pickauser
    yyurYYUBicurYY4me
    chgsaslpasswd: generic failure

of course, running this as user cyrus works fine (but we need it
to work for www-data, of course). is there something we're
missing in the SUID bits? why can't user www-data run this?

or, better yet, is there a debian-savvy "squirrelmail-plugins"
install method?

-- 
I use Debian/GNU Linux version 3.0;
Linux boss 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
 
DEBIAN NEWBIE TIP #73 from USM Bish <bish@nde.vsnl.net.in>
:
Looking for a way to CAPTURE A TRANSCRIPT OF SOME COMMANDS?
Easy!  To catch anything from the screen when it scrolls by,
use "script":
	script file-to-save-transcript-in.txt
	<command>
	<command>
	exit <== don't forget this!
(It spawns another shell, and displays everything so you can
work -- but it also saves the output in the file at the same
time.) Then "pager file-*transcript*" to review it. Or email it.
Or edit it for inclusion in a manual you're writing.

Also see http://newbieDoc.sourceForge.net/ ...
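
Added example (not part of the original post or of the plugin): a stricter variant of the SUID wrapper quoted above. It accepts only "-p <user>", stops if setuid() fails, and runs saslpasswd2 by absolute path with a fixed environment. The allowed user-name characters, MAX_USER and the PATH value are assumptions.

```c
/* Added example: stricter SUID wrapper for saslpasswd2 (not plugin code). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define TARGET_UID 109                 /* cyrus uid, as in the post */
#define CMD "/usr/sbin/saslpasswd2"    /* path, as in the post */
#define MAX_USER 64                    /* assumed length limit */

/* Accept exactly "<prog> -p <user>". The user name is limited to
 * [A-Za-z0-9._-] (assumed policy) and must not start with '-', so it
 * can never be parsed as another saslpasswd2 option. */
int args_ok(int argc, char *const argv[])
{
    if (argc != 3 || strcmp(argv[1], "-p") != 0)
        return 0;
    const char *u = argv[2];
    size_t n = strlen(u);
    if (n == 0 || n > MAX_USER || u[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)u[i]) && !strchr("._-", u[i]))
            return 0;
    return 1;
}

int main(int argc, char *argv[])
{
    /* Fixed, minimal environment instead of the caller's (assumed PATH). */
    char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/bin", NULL };

    if (!args_ok(argc, argv)) {
        fprintf(stderr, "usage: chgsaslpasswd -p <user>\n");
        return 2;
    }
    /* Never exec unless the identity switch succeeded. */
    if (setuid(TARGET_UID) != 0 || geteuid() != TARGET_UID) {
        perror("setuid");
        return 1;
    }
    /* Rebuild argv from validated pieces; nothing else is forwarded. */
    char *const child_argv[] = { CMD, "-p", argv[2], NULL };
    execve(CMD, child_argv, clean_env);   /* absolute path, no PATH search */
    perror("execve");                     /* reached only if exec failed */
    return 1;
}
```

In a set-user-ID binary owned by a non-root user, the SUID bit and setuid() change only the effective UID; the real UID and the supplementary groups stay those of the calling user (www-data here).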
