Advice about SASL socket directory permissions
Patrick Ben Koetter
p at state-of-mind.de
Fri Nov 28 08:00:54 UTC 2008
* UlisesVitulli <uvitulli at fi.uba.ar>:
> Helo team!
>
> Rene and I are planning to upload a SASL back-end authentication module
> for Apache 2.2[1], here is the software in matter[2].
>
> The reason of this mail is to ask you for advice about what we should
> do/say to do, in reference to the directory permissions where saslauthd
> places its socket on Debian system (var/run/saslauthd), as because of it
> (0710) does not allow Apache running user (commonly www-data), to talk with.
>
> We have arrived at this different 3 'solution' approaches:
>
> 1. Tell to add apache running user to sasl group.
That would be the default and recommended behaviour.
> 2. Tell to change owner of the directory where saslauthd places its
> socket (defaulted to var/run/saslauthd)
The saslauthd init script will 'fix' this on every reboot unless you change
the policy.
> 3. Tell to change permissions of the directory where saslauthd places
> its socket (defaulted to var/run/saslauthd) to allow others with
> +execution (ugly).
Same as in option 2.
> Hoping we could help each other, thanks in advance!
I recommend using option 1. It's the established procedure on Debian.
p at rick
>
>
>
> Dererk
>
> ref
> 1. #499186
> 2. http://mod-authn-sasl.sourceforge.net/
>
> --
> vlady <at> Melee: ~$ grep -ir 'power in your hands' /proc/
> /proc/version: Debian GNUine Perception
>
> BOFH excuse #356: the daemons! the daemons! the terrible daemons!.
>
>
> _______________________________________________
> Pkg-cyrus-sasl2-debian-devel mailing list
> Pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-cyrus-sasl2-debian-devel
--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list