[Kolab-devel] Suse kolabd patch

[Bernhard Reiter]

Am Mittwoch, 4. Januar 2006 12:08 schrieb radoeka:
> On Wed, Jan 04, 2006 at 11:47:56AM +0100, Bernhard Reiter wrote:
> > > I just discovered that perl-kolab does
> > > checks on the existance of kolab(-r/-n) users...  The thing is that I
> > > don't whether these are needed at all.  Perhaps they can all be
> > > replaced by users that already exist on the target platform (suse in my
> > > case), like www, ldap, etc?
> >
> > In my conception it would be cool to keep the same users
> > on all Kolab Server installations, best would be with the same uids and
> > gids. This way somebody that understands the Kolab security mechanism
> > can deal with all installations. Otherwise support will be even more
> > distribution specific, which we all want to avoid.
> >
> > The kolab(-r/-n) are used to give certain rights to various processes
> > so that we only give out the needed priviledges. In my conception they
> > probably are good idea to keep even with other users for services around,
> > like www,ldap. Now thinking about it:
> > There probably has a way to integrate them somehow.
> >
> > > It is very interesting to know, which files/apps should be owned by
> > > kolab(-r/-n).  Can you say something about that??
> >
> > This is an implementation part that I (personally) did not look into very
> > much, but Martin and Steffen (should) know.
> > My attempt to find out would be to look at a running Kolab Server (based
> > on OpenPKG) and see about processes and their permissions.
>
> That's what we did almost a year ago...., see:
> http://wiki.kolab.org/index.php?title=Kolab-app-user&action=history
> http://wiki.kolab.org/index.php/Kolab-app-user
> http://wiki.kolab.org/index.php/Suse-app-user

Looks like a good start, why not check this against a current server?
Also I hope that the check permission script will have some of those
integrated so it is documented and can get checked on a server installation.