In order to have GID/UID switching enabled, #define CHKUSER_ENABLE_UIDGID has to be enabled in chkuser_settings.h.

qmail-smtpd, patched with chkuser, must be installed (by default in /var/qmail/bin) with setuid (user qmaild) and setgid (group nofiles) bits on, and executed by tcpserver with -u vpopmail-user and -g vchkpw-group parameters.

qmail-smtpd starts running with the original qmail-smtpd uid and gid, switching to vpopmail uid and gid when checking for user existence, then turning back to starting uid and gid at the end of checking.

Instructions

You have to set SUID (set-user-ID-on-execution) and SGID (set-group-ID-on-execution) bits on qmail-smtpd:

 chown qmaild qmail-smtpd
 chgrp nofiles qmail-smtpd
 chmod 6555 qmail-smtpd 

and the result you see should be like (different size and date, of course):

 -r-sr-sr-x 1 qmaild nofiles 57056 Feb 14 18:18 qmail-smtpd

Integrate qmail-smtpd in your start files:

As example, a real start command for qmail-smtpd may be

 #!/bin/sh -e # # Using splogger to send the log through syslog.
 exec env - PATH="/var/qmail/bin:/usr/local/bin" \
 tcpserver -t 5 -v -p -x <your.tcp.smtp.cdb> \
 -u <vpopmail-user> -g <vchkpw-group> -l <your-host.domain> \
0 smtp qmail-smtpd 2>&1 | splogger smtpd & 

where

 <vpopmail-user> = vpopmail uid
 <vchkpw-group> = vchkpw gid
 <your-host.domain> = your host.domain (!)
 <your.tcp.smtp.cdb> = your tcp.permission.to.relay cdb

Important note

If you are using more system users for your domains, the switched identity I indicated as vpopmail should be set to root.

Interazioni di Antonio Nati [P.IVA 06105661000] - info@interazioni.it - tel. 06.89015453 - fax 06.77260035
All rights reserved - Copyright Inter@zioni 2012 ©- Disclaimer & copyrights