From: Alexander Dalloz (no email)
Date: Wed Jul 07 2004 - 12:21:17 EDT
Am Mi, den 07.07.2004 schrieb Louis LeBlanc um 17:09:
> > > This kinda begs the question, what exactly *should* the permissions be
> > > for sasldb2.db?
> > >
> > > Lou
> >
> > chown root:root /etc/sasldb2
> > chmod 600 /etc/sasldb2
> >
> > (the database has no .db ending)
>
> It appears that the port on FreeBSD does use the .db extension.
Ok, interesting to know.
I must confess that I accidentally thought I would answer a question on
the Fedora list, so it didn't came to my mind that other systems handle
that different.
> Another poster suggested making it owned by cyrus:mail. I assume your
> imapd is run as root?
No, the cyrus-imapd is running as user cyrus. For authentification the
saslauthd is use, which runs as root, and has the necessary permissions
to read either a sasldb or the shadow file.
Back to the more basic question: it is just important that the user
which needs to read the sasldb has permissions on it, but no other user,
because the auth data is stored in plain format in there.
> Lou
Alexander
-- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435.2.3 Serendipity 18:16:09 up 24 min, 9 average: 2.10, 1.53, 0.86
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|