From owner-freebsd-questions@FreeBSD.ORG Fri Oct 20 11:29:13 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0624A16A40F for ; Fri, 20 Oct 2006 11:29:13 +0000 (UTC) (envelope-from pobox@verysmall.org) Received: from thing.verysmall.org (thing.verysmall.org [212.100.226.116]) by mx1.FreeBSD.org (Postfix) with ESMTP id 003C043D68 for ; Fri, 20 Oct 2006 11:29:06 +0000 (GMT) (envelope-from pobox@verysmall.org) Received: from [145.254.181.20] (dialin-145-254-181-020.pools.arcor-ip.net [145.254.181.20]) by thing.verysmall.org (Postfix) with ESMTP id 056EC22830 for ; Fri, 20 Oct 2006 12:23:38 +0100 (BST) Message-ID: <4538B300.9020700@verysmall.org> Date: Fri, 20 Oct 2006 13:29:04 +0200 From: "pobox@verysmall.org" User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <20061020101748.GA26596@saturn.pcs.ms> In-Reply-To: <20061020101748.GA26596@saturn.pcs.ms> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: squirrelmail/sasldb2 access problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2006 11:29:13 -0000 Martin Schweizer wrote: > Hello > > I use cyrus (incl. sasldb2) , apache, sendmail and squirrelmail (incl. plugin > to change the sasl password). > My problem is that /usr/local/etc/sasldb2.db needs the following right that > squirrelmail can change the password in the db: > > -rw-rw-rw- 1 root cyrus 24576 20 Okt 11:46 sasldb2.db > > This is a security hole, isn't it? Do you have any ideas? Did you ask this at Squirrelmail? I think there you will get more responses. Iv