XMailforum is a readonly knowledge archive now.

Registering as a new user or answering posts is not possible anymore.

Might the force be with you, to find here what you are looking for.

2019-09-20 - hschneider, Admin

Cookie Disclaimer: This forum uses only essential, anonymous session cookies (xmailforum*), nothing to be scared of.

XMail Forum [Powered by Invision Power Board]
Printable Version of Topic
Click here to view this topic in its original format
XMail Forum > XMail Server > Root Privileges


Posted by: akbsol Jan 24 2010, 06:51 AM
Hi,

Why XMail doesn't have the feature to drop root privileges after binding to ports like many other popular daemons have?

-Akash

Posted by: Sob Jan 24 2010, 04:28 PM
You can run non-root XMail if you want.

There's an old approach using high port numbers and redirecting the proper ports to them using iptables. I don't really like it and it doesn't work with IPv6, because there's no REDIRECT target in ip6tables (at least wasn't when I last checked).

If you use Linux, you can use capabilities to run XMail as unpriviliged user and still allow it to bind to lower ports. Look for commands like sucap and execcap. Although Linux kernel has this functionality for years, you need quite recent 2.6 kernel to actually use it with mentioned command line tools.

Posted by: akbsol Jan 27 2010, 07:19 PM
I have already gone through those no not so nice ways to run non-root Xmail. What I am failing to understand is that why the developer hasn't still implemented simple setuid & setgid calls within the program itself.

-Regards,
Akash

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)