Solved

Linux Networking question

Posted on 1997-09-07
4
183 Views
Last Modified: 2010-03-18
Hi !

For my university I need to setup a single Linux server for
email accounts. I don't need to have telnet or ftp accounts,
only email...

So what I need is : to add some user login and password into
a db (or gdbm file) to add news users for sendmail (this is
easy : I already done that.) and find a modified version of
a pop server to look at the db file for user accounts/password, not the /etc/passwd file.

Tanks,
Xavier
0
Comment
Question by:kiwi35
  • 2
4 Comments
 
LVL 3

Expert Comment

by:sauron
ID: 1586465
I have looked around a little for pop servers myself, and all the implementations I have seen have used account info from /etc/passwd. You could simply add user accounts to /etc/passwd, as you would normally, and change the shell for these users to /bin/true. This would prevent them from logging in, and as long as /bin/true is not listed in /etc/shells, they will be unable to use ftp access also. The ftpusers file can also be used to block ftp access.

Between this and sendmails /etc/aliases file, you should be able to do whatever you like with mail, while retaining security.




0
 

Author Comment

by:kiwi35
ID: 1586466
Yes, This like I use now, but to modify the /etc/passwd you must be root (or suid)... Because I don't want any root access on this machine when add/deleting users.

Also the machine will be a mail hub, so ftp access isn't a good idea since I don't want any additions to /etc/passwd...

Also I need speeeeeed : I have about 1000 users (in the next three month about 5000 users [not only univesity students]) so the main idea is use a fast database access..

The best idea of db/dbm file is :

  - you don't need to be root to modify it... For exeample
    a user staff or mailstaff can add / delete thoses mails
    account without root access...
  - db/dbm are fast access database... Since my database is going
    to be more and more big I need speed... (yes I know i can
    buy a new machine but I don't have any funds yet !)
  - there also a security issue since the accounts are not in
    /etc/passwd there is no way some user can log into this
    server.
  - I can managa also virtual domains better..

Also, the NIS solution is not good : NIS server down = no mail and NIS lookup are too slow...

/xavier
0
 
LVL 4

Accepted Solution

by:
unicorntech earned 80 total points
ID: 1586467
The way I would set this up would take alittle bit of time and thought but here goes. Write some code similar to .htaccess file and set up a seperate password file. You will need to hack some of the kernel code to do this. After you have done this then you would set up some non-priveleged scripts to add users to this file.

After the user is added to the file this could then point to the mail functions you require.

The coding and kernel hacking for this would be quite extensive and unless you have the expertise yourself I would recommend getting a qualified programmer to do the code and kernel changes for you.

I haven't the time to write the code and the question would need  to be substantially more well rewarded for someone to do this. Try it yourself or get an expert to do it but I feel this woul;d be the only way that you will get what you require...

Regards,

Jason
0
 

Author Comment

by:kiwi35
ID: 1586468
The solution proposed is mainly to change /etc/passwd to /usr/local/mail/passwd...

The main problem is the user/passwd are in text mode and has lots of problems :

 - it is slow... Imagine a lookup on 20000 users...
 - it is really unworkable, when you add or remove a user
   it can takes hours to find the correct login,
 - it is impossible to modify this database quickly (for example
   without shuting down the mail server...)

Then I don't see why I must hacking the kernel to solve this problem... Only the popper's sources should be enougth, isn't it ?

I can give the idea that I want to have all my user/passwd in a SQL server on the mail server... (it is fast and we don't need to have root access to add new data...).

The main idea of this project is : all user/passwd will be on one centralized database that don't depend of the Operating System !

The solution just moves the problem to another place but don't solve it... Remenber I need speed !!!!!! and only a db/dbm/gdbm file can give such speed !

Thanks again,
/Xavier
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now