Date: Thu, 4 Oct 2001 21:57:08 -0400
From: "Dan Langille" <dan@langille.org>
To: "Mario Sergio Fujikawa Ferreira" <lioux@uol.com.br>
Cc: ports@FreeBSD.org
Subject: Re: qpopper and /etc/ftpusers
Message-ID: <3BBCDB34.20044.1DFCE9A@localhost>
In-Reply-To: <20010923235103.A18418@exxodus.fedaykin.here>
References: <200109210515.IAA76507@ipcard.iptcom.net>; from sobomax@FreeBSD.org on Fri, Sep 21, 2001 at 08:14:50AM +0300

Any movement on this? I ask because I encountered yet another user
being bitten by this problem:

http://freebsddiary.org/phorum/read.php?f=1&i=3480&t=3480

On 23 Sep 2001 at 23:51, Mario Sergio Fujikawa Ferreira wrote:

> On Fri, Sep 21, 2001 at 08:14:50AM +0300, Maxim Sobolev wrote:
> > On Thu, 20 Sep 2001 14:23:48 -0400, Dan Langille wrote:
> > > I don't see how POP is connected to ftp users?
> >
> > /me too
>
> Okay. Let me begin with, I did not do it. :) It is not my
> fault. Though, I don't think it was anybody's fault.
> I'd used qpopper for a long time and though not connected to
> ftp users, the information sharing seemed quite interesting. It seemed
> logical though not quite "correct".
> Nevertheless, I agree with the issue. I've been following
> the thread waiting for a consensus and here goes my suggestion.
>
> > > This from mail/qpopper/Makefile:
> > >
> > > CONFIGURE_ARGS= --enable-apop=${PREFIX}/etc/qpopper/pop.auth \
> > >                 --enable-nonauth-file=/etc/ftpusers \
> > >                 --with-apopuid=pop --without-gdbm \
> > >                 --enable-keep-temp-drop
> > >
> > > Does it make sense to do things that way? If an auth file is to be
> > > used at all, why not use one with an appropriate name (e.g.
> > > /etc/popusers).
> >
> > [snip]
>
> > No, the current setup actually preserves the POLA (it had been that way
> > since the beginning of time) - check cvs log for mail/qpopper/Makefile.
> > However, it might be a good idea to actually bite the bullet and break
> > that stupid POLA.
> >
> > I would suggest to replace `--enable-nonauth-file=/etc/ftpusers' with
> > something like `--enable-auth-file=/etc/pop3users'. Among other things,
> > it would ensure that the default setup is the most secure.
>
> I am considering something on the lines of
>
> ${PREFIX}/etc/qpopper/popusers
>
> to uphold hier(7)
>
> Here is how I plan this:
>
> 1) --enable-nonauth-file=${PREFIX}/etc/qpopper/popusers
>
> 2) when installing:
>    2.1) if there is no ${PREFIX}/etc/qpopper/popusers.sample:
>         - if there is /etc/ftpusers, copy it to
>           ${PREFIX}/etc/qpopper/popusers.sample
>         - if there is none, cp /dev/null
>           ${PREFIX}/etc/qpopper/popusers.sample
>
>    2.2) if there is no ${PREFIX}/etc/qpopper/popusers
>         ( from a previous installation ),
>         cp ${PREFIX}/etc/qpopper/popusers.sample \
>            ${PREFIX}/etc/qpopper/popusers
>
> 3) when deinstalling:
>    3.1) if ${PREFIX}/etc/qpopper/popusers.sample
>         is exactly like ${PREFIX}/etc/qpopper/popusers,
>         remove ${PREFIX}/etc/qpopper/popusers
>
>    3.2) remove ${PREFIX}/etc/qpopper/popusers.sample
>
> popuser{,.sample} are being installed with
>
> user: pop
> group: daemon
> perms: 0444
>
> dir ${PREFIX}/etc/qpopper/ is
>
> user: pop
> group: daemon
> perms: 711
>
> Diffs to the port and a pkg-install are supplied for an
> exemplification. I would like some input. Please test this and let
> me know what you think, especially on the use of the system's
> ftpuser to create the popusers.sample. We could settle for an
> empty file or supply with the ports within ${FILESDIR}.
> This is just a suggestion for a solution. All suggestions
> are welcome.
>
> Regards,
>
> --
> Mario S F Ferreira - UnB - Brazil - "I guess this is a signature."
> lioux at ( freebsd dot org | linf dot unb dot br )
> flames to beloved devnull@someotherworldbeloworabove.org
> feature, n: a documented bug | bug, n: an undocumented feature
>

--
Dan Langille
The FreeBSD Diary - http://freebsddiary.org/ - practical examples

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
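
The install and deinstall steps 2.1 to 3.2 proposed in the quoted message, written out as a POSIX sh script to show that an unmodified deny list is cleaned up while an edited one survives deinstall. This is an added example, not the pkg-install posted to the list; `QPOP_ETC`, `FTPUSERS` and the function names are assumptions standing in for `${PREFIX}/etc/qpopper` and `/etc/ftpusers`.

```shell
#!/bin/sh
# Added illustration of steps 2.1-3.2; not the pkg-install posted to the list.
# Assumed names: QPOP_ETC stands in for ${PREFIX}/etc/qpopper, FTPUSERS for
# /etc/ftpusers, and the function names are hypothetical.
QPOP_ETC="${QPOP_ETC:-/usr/local/etc/qpopper}"
FTPUSERS="${FTPUSERS:-/etc/ftpusers}"

# set_perms MODE PATH: apply the proposed mode and pop:daemon ownership.
# chown is attempted only as root on a host that has the pop account.
set_perms() {
    chmod "$1" "$2" || return 1
    if [ "$(id -u)" -eq 0 ] && id pop >/dev/null 2>&1; then
        chown pop:daemon "$2" || return 1
    fi
}

popusers_install() {
    sample="$QPOP_ETC/popusers.sample"; live="$QPOP_ETC/popusers"
    mkdir -p "$QPOP_ETC" && set_perms 711 "$QPOP_ETC" || return 1
    # 2.1: seed the sample from the system ftpusers list, or leave it empty
    if [ ! -e "$sample" ]; then
        if [ -f "$FTPUSERS" ]; then
            cp "$FTPUSERS" "$sample" || return 1
        else
            cp /dev/null "$sample" || return 1
        fi
        set_perms 0444 "$sample" || return 1
    fi
    # 2.2: create the live list only if no earlier installation left one
    if [ ! -e "$live" ]; then
        cp "$sample" "$live" && set_perms 0444 "$live" || return 1
    fi
}

popusers_deinstall() {
    sample="$QPOP_ETC/popusers.sample"; live="$QPOP_ETC/popusers"
    # 3.1: remove the live list only when it is byte-identical to the sample,
    # so an administrator's edited list survives
    if [ -f "$live" ] && [ -f "$sample" ] && cmp -s "$sample" "$live"; then
        rm -f "$live"
    fi
    # 3.2: the sample always goes
    rm -f "$sample"
}

# Dispatch on the stage keyword a ports install script receives as $2.
case "${2:-}" in
    POST-INSTALL) popusers_install ;;
    DEINSTALL)    popusers_deinstall ;;
esac
```

With no `/etc/ftpusers` present the sample, and therefore a fresh `popusers`, is empty, so no account is denied POP access until the administrator adds entries.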