On Fri, Oct 20, 2006 at 08:25:03PM +0200, Eugenio Jordán González wrote: > Hi: > > I know it's already pretty late to try to provide some hints on this issue, but > didn't like to miss the chance in case some other people might hit same issue > in the future. > > Provided plugin for Squirrelmail + Cyrus + SASL uses, as per code, a call to > saslpasswd2 binary. In fact, it's writing a Berkely DB file, usually /etc/ > sasldb2. Depending upon your configuration, by default: > > XXX:/var/log/httpd # ls -l /etc/sasldb2 > -rw-r--r-- 1 root root 45056 Oct 20 20:00 /etc/sasldb2 > > Well, with such permissons and ownership, cyrus will not be able to run > saslpasswd2 successfully. cyrus user belongs in default installations to group > mail, as well as root, but notice root:root assign! This causes saslpasswd2 to > fail. Try then: > > XXX:/var/log/httpd # ls -l /etc/sasldb2 > -rw-rw-r-- 1 root mail 45056 Oct 20 20:00 /etc/sasldb2 > > This has worked for me. But: > > wwwrun@XXX:/XXX_DIR> ./chgsaslpasswd -p foo > oof > chgsaslpasswd: generic failure > > It makes sense, right? > > XXX:/XXX # usermod -G 12 wwwrun > XXX:/XXX # su wwwrun > wwwrun@XXX:/XXX> id > uid=30(wwwrun) gid=8(www) groups=8(www),12(mail) > wwwrun@XXX:/XXX> ./chgsaslpasswd -p foo > oof > > , and it works! At least for me. Of course, it implies a risk for your system > security. You could use sudo to try to reduce the impact. > > Hope this might help anyone else. > > P.D.: As a matter of fact, wwwrun's shell is set to /bin/false by default. Had > to temporarily to "runnable" shell. Hi Eugenio, Have you filed this information and fix as a bug report against sasl and/or squirrelmain, because this would appear to be very important and valueable info for the maintiners! cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | debian.home.pipeline.com | | `. `' Operating System | go to counter.li.org and | | `- http://www.debian.org/ | be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org |
Attachment:
signature.asc
Description: Digital signature