squirrelmail/sasldb2 access problem

Martin Schweizer lists_freebsd at bluewin.ch
Fri Oct 20 10:06:51 UTC 2006


I use cyrus (incl. sasldb2) , apache, sendmail and squirrelmail (incl. plugin 
to change the sasl password).
My problem is that /usr/local/etc/sasldb2.db needs the following right that 
squirrelmail can change the password in the db:

-rw-rw-rw-   1 root  cyrus   24576 20 Okt 11:46 sasldb2.db

This is a security hole, isn't it? Do you have any ideas?



Martin Schweizer
<info at pc-service.ch>

PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch;
public key : http://www.pc-service.ch/pgp/public_key.asc; 
fingerprint: EC21 CA4D 5C78 BC2D 73B7  10F9 C1AE 1691 D30F D239;

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20061020/55dd8e5c/attachment.pgp

More information about the freebsd-questions mailing list