2 Dec 2002 20:28
Re: checkcdb-0.53 + single pop user setup
<dale-qmail <at> ananzi.co.za>
2002-12-02 19:28:01 GMT
Thanks Chris!
It works perfectly now, after removing the -u and -g tcpserver args.
---- <snip:/service/qmail-pop3d/run> ----
exec softlimit -m 2000000 tcpserver -v -R -H -l 0 -x \
/etc/tcprules/pop3.cdb -c "$MAXPOP3" 0 110 /var/qmail/bin/qmail-popup \
localhost /usr/bin/checkcdb /var/qmail/bin/qmail-pop3d inbox 2>&1
---- </snip:/service/qmail-pop3d/run> ----
I was misled by Paul Gregg's qmail-single-uid-pop3d-howto.html which
uses the -u and -g switch for tcpserver, but I see in checkcdb.c that it
switches to the uid specified in poppasswd (actually poppasswd.cdb),
which as you pointed out requires qmail-popup/checkcdb to run as root.
I haven't touched C in a while, but it looks like these few lines do
the trick:
---- <snip:/usr/local/src/checkcdb-0.53/checkcdb.c> ----
if (!pathexec_env("USER",pw->pw_name)) _exit(111);
if (!pathexec_env("HOME",popdir)) _exit(111);
if (!pathexec_env("SHELL",pw->pw_shell)) _exit(111);
---- </snip:/usr/local/src/checkcdb-0.53/checkcdb.c> ----
Thanks again.
cheers
Dale
On Mon, Dec 02, 2002 at 06:19:44AM -0500, Chris Johnson wrote:
> qmail-popup/checkcdb has to run as root. Once the user is authenticated,
> checkcdb (or whatever checkpassword you're using) needs to switch to that
> user's uid to execute qmail-pop3d, and only root can do that.
>
> Chris
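
The uid switch discussed in this thread, as an added example (not checkcdb's code and not part of the original messages): a checkpassword-style privilege drop, which succeeds only when the process still runs as root and therefore fails once tcpserver has applied -u/-g. The names drop_privs and try_drop and the id 65534 are assumptions made for illustration.

```c
/* Added example, not from checkcdb: names and ids below are hypothetical. */
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become uid/gid. Order matters: supplementary groups and gid
 * must be changed while still root; setuid() goes last. */
static int drop_privs(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) == -1) return -1;  /* refused unless root */
    if (setgid(gid) == -1) return -1;
    if (setuid(uid) == -1) return -1;         /* refused unless root */
    /* Verify the drop took effect and cannot be undone. */
    if (uid != 0 && setuid(0) == 0) return -2;
    if (getuid() != uid || geteuid() != uid) return -2;
    if (getgid() != gid || getegid() != gid) return -2;
    return 0;
}

/* Attempt the drop in a child so the caller keeps its own identity.
 * Returns 0 = dropped and verified, 1 = kernel refused the switch,
 * 2 = switch happened but verification failed, -1 = fork/wait error. */
int try_drop(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        int r = drop_privs(uid, gid);
        /* A real checkpassword would exec the mail program here. */
        _exit(r == 0 ? 0 : (r == -1 ? 1 : 2));
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* 65534 is a constructed target id (commonly "nobody"). */
    int r = try_drop(65534, 65534);
    printf("euid=%ld: switch to 65534 %s\n", (long)geteuid(),
           r == 0 ? "succeeded" : r == 1 ? "refused" : "failed");
    return 0;
}
```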