author: Cheng-Lung Sung <clsung@FreeBSD.org> 2006-07-27 08:07:23 +0000
committer: Cheng-Lung Sung <clsung@FreeBSD.org> 2006-07-27 08:07:23 +0000
commit: c9c4d0a1c68dc34043b947e4ac77c33ce31beb2e
tree: 459a3a484f8a64ee8954d10096e6f73efbe031f6 /security/courieruserinfo/pkg-message
parent: 4adef23672f71942245a56b40b8e689736b48471
Add courieruserinfo 1.1.2, user account information retrieval utility.
PR: ports/100900
Submitted by: Andrew St. Jean <andrew at arda.homeunix.net>
Notes: svn path=/head/; revision=168861
Diffstat (limited to 'security/courieruserinfo/pkg-message')
-rw-r--r-- security/courieruserinfo/pkg-message 44
1 files changed, 44 insertions, 0 deletions
diff --git a/security/courieruserinfo/pkg-message b/security/courieruserinfo/pkg-message
new file mode 100644
index 000000000000..0540fc049697
--- /dev/null
+++ b/security/courieruserinfo/pkg-message
@@ -0,0 +1,44 @@
+
+#########################################################################
+NOTES FOR RUNNING COURIERUSERINFO
+
+In order to use courieruserinfo, it must be able to access the
+authdaemon domain socket, named 'socket'. When courieruserinfo runs as
+root, this presents no problem. However, if you need to run courieruserinfo
+as a non-root user, you have three options, all of which require some
+manual work.
+
+Option 1: Add the user courieruserinfo will run as to the group that
+owns the authdaemon socket directory in /etc/group. More than one user
+can be added to the group vector in this way. This arrangement works
+well if courieruserinfo will be run by only a small number of users.
+If the authdaemon socket directory is owned by courier:courier and you
+run courieruserinfo as user vmail, your /etc/group file will have a line
+something like this:
+
+ courier:x:465:vmail
+
+Option 2: Some programs, such as tcpserver, allow you to separately set
+the uid and gid of programs they call but don't honour the group vector
+found in /etc/group. If you invoke courieruserinfo from such a program,
+set the gid to the group ownership of the authdaemon socket directory.
+
+Option 3: Change the permissions on courieruserinfo to set gid to the
+group ownership of the socket directory. Again, if the socket directory
+is owned by courier:courier, change the ownership and permissions
+of courieruserinfo like so:
+
+ chgrp courier courieruserinfo
+ chmod g+s courieruserinfo
+
+Be aware that this will allow any user on the system to access user
+account information through courieruserinfo.
+
+To mitigate possible security risks posed by running courieruserinfo
+setgid, courieruserinfo cannot retrieve passwords.
+
+The location of the authdaemon domain socket is listed in the
+authdaemonrc configuration file as the parameter authdaemonvar.
+
+#########################################################################
+
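Review bot: The paragraph that says where to find the socket (authdaemonvar in authdaemonrc) comes last in the message, but Options 1 to 3 all start from knowing which group owns the socket directory; move it above Option 1 and say how to check the ownership, for example with ls -ld on that directory. In Option 1 the sample line "courier:x:465:vmail" uses an "x" password field, where FreeBSD's /etc/group normally has "*", and suggesting pw groupmod courier -m vmail would avoid hand-editing the file. In Option 3 the chgrp and chmod commands use a bare file name, so give the installed path, and note that the setgid bit is a local change that has to be re-applied when the port is reinstalled or upgraded.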