From: "Dan Langille"
Organization: novice in training
To: "Mario Sergio Fujikawa Ferreira"
Cc: ports@FreeBSD.org
Date: Thu, 4 Oct 2001 21:57:08 -0400
Subject: Re: qpopper and /etc/ftpusers
Reply-To: dan@langille.org
Message-ID: <3BBCDB34.20044.1DFCE9A@localhost>
In-reply-to: <20010923235103.A18418@exxodus.fedaykin.here>

Any movement on this? I ask because I encountered yet another user
being bitten by this problem:

http://freebsddiary.org/phorum/read.php?f=1&i=3480&t=3480

On 23 Sep 2001 at 23:51, Mario Sergio Fujikawa Ferreira wrote:

> On Fri, Sep 21, 2001 at 08:14:50AM +0300, Maxim Sobolev wrote:
> > On Thu, 20 Sep 2001 14:23:48 -0400, Dan Langille wrote:
> > > I don't see how POP is connected to ftp users?
> >
> > /me too
>
> Okay. Let me begin with, I did not do it. :) It is not my
> fault. Though, I don't think it was anybody's fault.
> I'd used qpopper for a long and though not connected to
> ftp users, the information sharing seemed quite interesting. It seemed
> logical though not quite "correct".
> Nevertheless, I agree with the issue. I've been following
> the thread waiting for a consensus and here goes my suggestion.
>
> > > This from mail/qpopper/Makefile:
> > >
> > > CONFIGURE_ARGS= --enable-apop=${PREFIX}/etc/qpopper/pop.auth \
> > >                 --enable-nonauth-file=/etc/ftpusers \
> > >                 --with-apopuid=pop --without-gdbm \
> > >                 --enable-keep-temp-drop
> > >
> > > Does it make sense to do things that way? If an auth file is to be
> > > used at all, why not use one with an appropriate name (e.g.
> > > /etc/popusers).
> >
> > [snip]
>
> > No, the current setup actually preserves the POLA (it had been that way
> > since the beginning of time) - check cvs log for mail/qpopper/Makefile.
> > However, it might be a good idea to actually bite the bullet and break
> > that stupid POLA.
> >
> > I would suggest to replace `--enable-nonauth-file=/etc/ftpusers' with
> > something like `--enable-auth-file=/etc/pop3users'. Among other things,
> > it would ensure that the default setup is the most secure.
>
> I am considering something on the lines of
>
> ${PREFIX}/etc/qpopper/popusers
>
> to uphold hier(7)
>
> Here is how I plan this:
>
> 1) --enable-nonauth-file=${PREFIX}/etc/qpopper/popusers
>
> 2) when installing:
>    2.1) if there is no ${PREFIX}/etc/qpopper/popusers.sample:
>         - if there is /etc/ftpusers, copy it to
>           ${PREFIX}/etc/qpopper/popusers.sample
>         - if there is none, cp /dev/null
>           ${PREFIX}/etc/qpopper/popusers.sample
>
>    2.2) if there is no ${PREFIX}/etc/qpopper/popusers
>         ( from a previous installation ),
>         cp ${PREFIX}/etc/qpopper/popusers.sample \
>            ${PREFIX}/etc/qpopper/popusers
>
> 3) when deinstalling:
>    3.1) if ${PREFIX}/etc/qpopper/popusers.sample
>         is exactly like ${PREFIX}/etc/qpopper/popusers,
>         remove ${PREFIX}/etc/qpopper/popusers
>
>    3.2) remove ${PREFIX}/etc/qpopper/popusers.sample
>
> popuser{,.sample} are being installed with
>
>   user: pop
>   group: daemon
>   perms: 0444
>
> dir ${PREFIX}/etc/qpopper/ is
>
>   user: pop
>   group: daemon
>   perms: 711
>
> Diffs to the port and a pkg-install are supplied for an
> exemplification. I would like some input. Please test this and let
> me know what do you think, especially on the use of the systems
> ftpuser to create the popusers.sample. We could settle for an
> empty file or supply with the ports within ${FILESDIR}.
> This is just a suggestion for a solution. All suggestions
> are welcome.
>
> Regards,
>
> --
> Mario S F Ferreira - UnB - Brazil - "I guess this is a signature."
> lioux at ( freebsd dot org | linf dot unb dot br )
> flames to beloved devnull@someotherworldbeloworabove.org
> feature, n: a documented bug | bug, n: an undocumented feature
>

--
Dan Langille
The FreeBSD Diary - http://freebsddiary.org/ - practical examples
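Added example, not part of the original message and not the pkg-install script it mentions: steps 2.1 to 3.2 of the quoted plan written out as shell functions, showing that a popusers deny list edited by the administrator survives deinstall and reinstall. The function names `popusers_install` and `popusers_deinstall` are hypothetical, and the config directory and ftpusers path are passed as arguments (the plan uses `${PREFIX}/etc/qpopper` and `/etc/ftpusers`).

```shell
#!/bin/sh
# Added example: hypothetical helpers following the plan in the message.
#   $1 = config directory, $2 = ftpusers file used to seed the sample

popusers_install() {
    confdir=$1
    ftpusers=$2
    sample=$confdir/popusers.sample
    live=$confdir/popusers

    mkdir -p "$confdir" && chmod 711 "$confdir" || return 1

    # 2.1: create the sample only if it is missing; seed it from
    # ftpusers when that file exists, otherwise start empty.
    if [ ! -e "$sample" ]; then
        if [ -f "$ftpusers" ]; then
            cp "$ftpusers" "$sample" || return 1
        else
            : > "$sample" || return 1
        fi
        chmod 444 "$sample"
    fi

    # 2.2: never overwrite a popusers left by a previous installation.
    if [ ! -e "$live" ]; then
        cp "$sample" "$live" || return 1
        chmod 444 "$live"
    fi
    # The plan also sets owner pop, group daemon. That needs root and
    # those accounts, so it is left out of this example:
    #   chown pop:daemon "$confdir" "$sample" "$live"
}

popusers_deinstall() {
    confdir=$1
    sample=$confdir/popusers.sample
    live=$confdir/popusers

    # 3.1: remove popusers only if it is byte-identical to the sample,
    # i.e. the administrator never changed it.
    if [ -f "$live" ] && [ -f "$sample" ] && cmp -s "$sample" "$live"; then
        rm -f "$live"
    fi
    # 3.2: the sample is always removed.
    rm -f "$sample"
}
```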