Date:      Sun, 24 Jul 2005 22:06:01 +0200
From:      Jose M Rodriguez <josemi@freebsd.jazztel.es>
To:        Yarema <yds@coolrat.org>
Cc:        ports@freebsd.org, Oliver Lehmann <oliver@freebsd.org>
Subject:   Re: security/courier-authlib and courier user
Message-ID:  <200507242206.02218.josemi@redesjm.local>
In-Reply-To: <D8FEAD2A55A14B6EC96CC90C@tuber.coolrat.org>
References:  <200507241509.44752.josemi@redesjm.local> <200507241644.15692.josemi@redesjm.local> <D8FEAD2A55A14B6EC96CC90C@tuber.coolrat.org>

On Sunday, 24 July 2005 20:43, Yarema wrote:
> --On Sunday, July 24, 2005 16:44:14 +0200 Jose M Rodriguez <josemi@freebsd.jazztel.es> wrote:
> > On Sunday, 24 July 2005 15:29, Oliver Lehmann wrote:
> >> Jose M Rodriguez wrote:
> >> > Hi,
> >> >
> >> > After using courier-authlib with maildrop (from sendmail) and
> >> > courier-imap, I can't see any reason to have a courier user.
> >> >
> >> > This seems more a need of the courier mailer, and maybe of the
> >> > tarball build/install system (I doubt it).
> >> >
> >> > So, I'm thinking about the convenience of not doing any courier
> >> > user work and doing an rcNG for the courier mailer that fires up all
> >> > the components (and not using the courier-authlib rcNG for the courier
> >> > mailer). I think the courier user only matters to the courier
> >> > mailer.
> >>
> >> "For the Courier mail server, /var/run/courier/authdaemon should
> >> be owned by the userid that Courier is installed under, and it
> >> must be readable and writable by the Courier user and group (but
> >> no world permissions)."
> >>
> >> How can I do this if I don't create the courier user with
> >> courier-authlib?
> >
> > First, this needs testing, but I think that the real problem is
> > using /usr/local/etc/rc.d/courier-authdaemond.sh with courier
> > mailer.
> >
> > I think courier mailer users must keep
> > courier_authdaemond_enable set to NO and embed
> > /usr/local/etc/rc.d/courier-authdaemond.sh functionality in its own
> > rc script.
> >
> > This makes more sense with the closed concept of the courier mailer.
> >
> > Also thinking of supporting ${courier_authdaemond_user:=root}
> > in /usr/local/etc/rc.d/courier-authdaemond.sh
> >
> > --
> >   josemi
>
> First let me quote the relevant portion of
> http://www.Courier-MTA.org/authlib/INSTALL.html then I'll add my
> thoughts on this.
> <snip/>
> In the all inclusive courier MTA having the courier-authlib config
> files owned by UID/GID "courier" allows the webadmin CGI to be used
> to administer all things courier including courier-authlib.  But more
> importantly having user "courier" improves security by sandboxing
> the daemons into running under a UID/GID not used by anything else.
> Yes, according to the docs above we could use user "daemon" or any
> number of other pre-existing UIDs. But that goes against the thinking
> of current security practice that having daemons with any security
> implications run under a sandbox UID/GID is a Good Thing.  I mean,
> the OpenBSD folks go to great lengths to include privilege separation
> into everything they run just in case there might be a vulnerability
> which could wreak havoc if the daemon was running with root
> privileges.  Also look at how the functionally closest package to
> courier-authlib does things: cyrus-sasl installs and uses UID/GID
> cyrus. And again the main reason is sandboxing or privilege
> separation if you will.

config (${PREFIX}/etc) owned by courier seems a good point to maintain
things as used now.

--
  josemi
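
The ownership and permission requirement quoted in the thread for /var/run/courier/authdaemon can be checked mechanically. The following is an added example, not part of the original messages or of the port; the function name `audit_authdaemon_dir`, its parameters and the temporary directory used in the demo are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_authdaemon_dir(path, uid, gid):
    """Return a list of findings; an empty list means the directory is
    owned by the expected uid/gid, is readable and writable by owner and
    group, and carries no world permissions."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at path
    except FileNotFoundError:
        return ["missing: %s" % path]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory (file or symlink): %s" % path]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, uid))
    if st.st_gid != gid:
        findings.append("group gid %d, expected %d" % (st.st_gid, gid))
    if mode & stat.S_IRWXO:
        findings.append("world permissions set (mode %04o)" % mode)
    owner_rw = stat.S_IRUSR | stat.S_IWUSR
    group_rw = stat.S_IRGRP | stat.S_IWGRP
    if mode & owner_rw != owner_rw:
        findings.append("owner lacks read/write (mode %04o)" % mode)
    if mode & group_rw != group_rw:
        findings.append("group lacks read/write (mode %04o)" % mode)
    return findings

def demo():
    """Run the audit on a constructed temporary directory that stands in
    for /var/run/courier/authdaemon, first with a good mode, then a bad one."""
    d = tempfile.mkdtemp()
    st = os.stat(d)
    os.chmod(d, 0o770)
    good = audit_authdaemon_dir(d, st.st_uid, st.st_gid)
    os.chmod(d, 0o777)
    bad = audit_authdaemon_dir(d, st.st_uid, st.st_gid)
    os.rmdir(d)
    return good, bad

if __name__ == "__main__":
    good, bad = demo()
    print("mode 0770:", good or "ok")
    print("mode 0777:", bad)
```

On a real host the expected uid and gid would come from `pwd.getpwnam("courier")` and `grp.getgrnam("courier")`, or from whichever account the daemon is configured to run under.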


