3.2 Creating the Users and Groups

Qmail uses a set of user ids and group ids to control access to various qmail facilities. Because Dan doesn't trust the system libraries (history is on his side), he doesn't make system calls to determine these uids. Instead, the uids are compiled into various programs. That means that the qmail users must exist prior to compiling the programs.

Some versions of Unix and Linux are distributed with the qmail users and groups already defined. If your /etc/passwd (or equivalent) contains entries for alias, qmaild, qmaill, qmailp, qmailq, qmailr, and qmails, and your /etc/group contains entries for qmail and nofiles, you're all set and can skip ahead to "Configuring and making the software." Otherwise you must create the users and groups yourself. There are several ways to do this.

3.2.1 The adduser Script

Some Unices have a program called useradd or adduser to create users and groups. Often, use of this program is mandatory, because the machine uses shadow passwords. To be safe, use the program when it exists. The INSTALL.ids file has the necessary commands. Copy that file to /tmp/mu, locate the right set of commands, delete everything else, delete the pretend root prompt characters in front of the commands, save it to a file, and run that file using sh /tmp/mu.

3.2.2 Adding by Hand

Some Unices let you create groups by editing the /etc/group file and users by editing the /etc/passwd file, the latter typically through the vipw program. Edit /etc/group and add the following two lines:

qmail:*:2107:
nofiles:*:2108:

Make sure that 2107 and 2108 are unique group id numbers. If you have to change them, also change them in the user information in the next section.

Always edit /etc/passwd using the vipw program, if it exists. It ensures that your shadow password database (if you're using one) is kept up to date. It also locks the password file against other programs changing it. If you have no vipw program, then go ahead and edit with your favorite text editor.

Add the following set of lines to /etc/passwd:

alias:*:7790:2108::/var/qmail/alias:/bin/true
qmaild:*:7791:2108::/var/qmail:/bin/true
qmaill:*:7792:2108::/var/qmail:/bin/true
qmailp:*:7793:2108::/var/qmail:/bin/true
qmailq:*:7794:2107::/var/qmail:/bin/true
qmailr:*:7795:2107::/var/qmail:/bin/true
qmails:*:7796:2107::/var/qmail:/bin/true

Verify that 7790 through 7796 are unique user id numbers. If they're already in use, pick some other unused numbers. The exact id numbers don't matter so long as they're all different from each other and different from every other user on the system.
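One way to check the id numbers before and after making these edits, as an added example that is not from the book. The function names ids_in_use and check_qmail_ids are made up for this example, and both take file paths so they can be run on copies of the real files.

```shell
#!/bin/sh
# Added example, not from the book; the function names are made up here.
# File paths are arguments so the checks can run against copies of
# /etc/passwd and /etc/group.
#
# Usage: ids_in_use /etc/group 2107 2108
#        ids_in_use /etc/passwd 7790 7791 7792 7793 7794 7795 7796
#        check_qmail_ids /etc/passwd /etc/group

# Before editing: print "ID NAME" for each listed id already taken in FILE.
# Field 3 is the numeric id in both the passwd and the group format.
ids_in_use() {
    file=$1; shift
    awk -F: -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ids[w[i]] = 1 }
        NF >= 3 && ($3 in ids) { print $3, $1 }
    ' "$file"
}

# After editing: every qmail user and group must exist, no id may be shared
# with another entry, and each primary gid must be the group the passwd lines
# assign (nofiles for alias/qmaild/qmaill/qmailp, qmail for qmailq/qmailr/qmails).
# Groups are matched by name, so renumbered ids still pass.
# Prints one line per problem; exit status is nonzero if any were found.
check_qmail_ids() {
    awk -F: '
        mode == "g" && NF >= 3 { gid[$1] = $3; gcount[$3]++ }
        mode == "p" && NF >= 4 { uid[$1] = $3; pgid[$1] = $4; ucount[$3]++ }
        END {
            want["alias"] = want["qmaild"] = want["qmaill"] = want["qmailp"] = "nofiles"
            want["qmailq"] = want["qmailr"] = want["qmails"] = "qmail"
            n = split("qmail nofiles", g, " ")
            for (i = 1; i <= n; i++) {
                if (!(g[i] in gid)) { print "missing group " g[i]; bad = 1 }
                else if (gcount[gid[g[i]]] > 1) { print "gid " gid[g[i]] " is shared"; bad = 1 }
            }
            for (u in want) {
                if (!(u in uid)) { print "missing user " u; bad = 1; continue }
                if (ucount[uid[u]] > 1) { print "uid " uid[u] " of " u " is shared"; bad = 1 }
                if ((want[u] in gid) && pgid[u] != gid[want[u]]) {
                    print u " has primary gid " pgid[u] ", expected group " want[u]; bad = 1
                }
            }
            exit bad + 0
        }
    ' mode=g "$2" mode=p "$1"
}
```

Run ids_in_use before editing and pick other numbers if it prints anything; run check_qmail_ids afterwards and before compiling.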

3.2.3 Nofiles Group Really Has No Files

The Unix "groups" concept makes it convenient to allow access to some files and deny it to others. One commonly overlooked possibility is that some users do not need to have any group permissions. The Unix kernel requires that each user belong to at least one group. However, you can obtain the effect of "no group" by a user-level discipline.

Qmail creates a group that no files ever use. This group is called nofiles, naturally enough. Qmail uses this group for users who do not need group permissions. Users alias, qmaild, qmaill, and qmailp have no need to read or write files other than some very specific ones, and each owns the files it needs to write. Some Unices have a "nogroup" or "nobody" group; however, these cannot be used by a process and so cannot be used by qmail.

On most Unix systems, you can audit your system to see whether any files are owned by "nofiles" using the following find command:

find / -group nofiles


qmail
ISBN: 1565926285
Year: 2006
Pages: 152