Debian courier-webadmin package =============================== Please read `/usr/share/doc/courier-base/README.Debian` for more information about the packaging of the Courier Mail Server suite. Runtime and Configuration ------------------------- If your web server has been installed and configured according the Debian policy and support for CGI has ben enabled the administration tool can be accessed with the following URL: http://localhost/cgi-bin/courierwebadmin The binary CGI must have setuid root permissions. The package specifically asks for this during installation, as this poses a certain security risk. However, webadmin requires root access to apply configuration changes. For all other requests, it operates under the `courier` user. Courier uses several configuration files which are located in `/etc/courier`. Some configuration files can be replaced by a subdirectory where all files insides this directory are concatenated and considered to be a single, consolidated, configuration file. The webadmin frontend relies on configuration directories instead of configuration files. If you agreed to the corresponding question on initial setup, the directories needed for the web-based administration tool will be created (unless there already exists a plain file in place). Permissions and usage --------------------- If you provided a password during the initial setup, it got saved to `/etc/courier/webadmin/password`. It got stored in plain test, but made readable only to the courier user (and root). To protect inadvert access or a leak of the passwort, webadmin by default enforces the following restrictions: * the HTTP request must originate from the local machine, or * the HTTP request must be SSL encrypted However, please note that a reverse proxy might inadvertently circumvent the former check and make all requests appear local. Please ensure this is not the case and take appropriate measures to protect the secrecy of your password. About the SUID and SGID ----------------------- The CGI binary `webadmin` is setuid root. There's also a related setgid binary from sqwebmail, if installed: `sqwebpasswd`. That's a CGI helper used by courier-webadmin. 1. The setuid root privilege is only needed to implement mail filtering "on the wire", when receiving mail from an external mail relay (see localmailfilter(7) for more information). Removing the setuid root bit still allows traditional mail filtering to be used, after the message is received and delivered to the mailbox. 2. The setgid group privilege is only need for alter users password or manual set of those passwords. The password change request is validated by the authentication daemon, and the old password must match the existing password on the account, before the password change goes through. -- PICCORO Lenz McKAY , Wed, 12 Dec 2020 10:51:54 -0400