[gollem] Issues with SQL/home & horde_vfs
Patrick McIntire
me at patrickmcintire.com
Sat Jul 16 15:51:34 PDT 2005
Hey Everyone,
I was hoping someone could point me in the right direction for an answer
to a strange problem arising when trying to configure Gollem for my
box. First the config details:
Horde: 3.0.4
Gollem: 1.0-RC1
PHP: 4.3.10
MySQL: 11.18 (3.23.58 for redhat)
backends.php:
// This backend specifies a home directory and root directory in a SQL vfs.
$backends['sqlhome'] = array(
    'name' => 'SQL Server with home',
    'driver' => 'sql',
    'preferred' => '',
    'hordeauth' => false,
    'params' => array_merge($GLOBALS['conf']['sql'],
                            array('table' => 'horde_vfs')),
    'loginparams' => array(),
    'root' => '/home',
    'home' => '/home/' . Auth::getAuth(),
    'attributes' => array('type', 'name', 'download', 'modified',
                          'size', 'permission', 'owner', 'group'),
);
The Problem:
I'm using IMP and IMAP to validate users, so everyone who logs in looks
something like "user at example.com", so essentially Auth::getAuth() =
user at example.com.
What's happening is upon selecting File Manager and descending into
Gollem, the current directory is displayed as "[root]/user at example.com",
which is correct according to backends.php. The problem is that this
directory does not exist and is not being created by Gollem, so the
table horde_vfs in SQL is empty.
When attempting to upload a file to this default directory, it does
exactly what's expected (as there is no actual directory): it errs as
"[root]/user at example.com directory does not exist." and does not upload
the file.
The fix I've found to this is to change to the [root] directory and
create a directory called "user at example.com" either in Gollem, or in SQL
itself. All goes well, and when attempting to upload the file again,
it's saved accordingly.
At this point, only two records exist in horde_vfs: the one for
"user at example.com" and the one for (let's say) "blah.pdf" in the
user at example.com directory.
So, let's move on...
Let's say another user (user2 at example.com) logs into Horde, and into
Gollem. Again, the problem repeats. A directory has to be created in
[root] for "user2 at example.com" through Gollem or SQL. Upload commences,
and everything seems fine.
HOWEVER, now two directories for users exist in [root], and as things
are configured, "user" can access both user@ and user2@ directories with
full access. Similarly, "user2" can access both user2@ and user@
directories with full access. This doesn't seem quite secure, so as a
ghetto chroot, I locked them into their home directory by doing this in
backends.php:
'root' => '/home/' . Auth::getAuth(),
'home' => '/home/' . Auth::getAuth(),
This now makes the default and most base directory the user can access
their actual respective directories.
However, the problem now is that there is no way in Gollem to do
anything with another user's directory.
As an example let's say that user3 now logs in. Because there is no
user3 at example.com defined in the horde_vfs table, they'll be able to do
nothing in Gollem because they're locked into a directory that doesn't
really exist.
So, I can fix this by going into SQL and creating a record for user3@'s
base directory. But I really don't want to do this for every new mail
account that I set up on my server.
So, that brings me to my main questions:
1. Why isn't Gollem creating these base directories if they aren't present?
2. Is defining root & home as their directories as secure as I can get
here using vfs?
3. From what it sounds like, do I have any idea of what I'm doing?
Any tips, suggestions, pointers to bug fixes, etc. will be wholly
appreciated.
Thanks!
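
The two points raised in the message above, per-user root confinement and creating the missing home directory on first login, as a self-contained model. This is an added example, not part of the original post and not Gollem or Horde code; it assumes modern PHP (7+), the $folders array stands in for the directory rows of horde_vfs, and the function names user_root, resolve_in_root and ensure_home are hypothetical.

```php
<?php
// Added illustration (modern PHP 7+ assumed). $folders stands in for the
// directory rows of horde_vfs; all function names here are hypothetical.
function user_root(string $user): string
{
    // The login name becomes a path component: refuse separators and dot names.
    if ($user === '' || $user === '.' || $user === '..' || strpbrk($user, '/\\') !== false) {
        throw new InvalidArgumentException('unsafe user name');
    }
    return '/home/' . $user;
}

function resolve_in_root(string $root, string $requested): string
{
    // Normalise $requested relative to $root; never climb above $root.
    $parts = [];
    foreach (explode('/', $requested) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            if (!$parts) {
                throw new RuntimeException('path escapes root');
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    return $parts ? $root . '/' . implode('/', $parts) : $root;
}

function ensure_home(array &$folders, string $user): string
{
    // Idempotent: create the per-user root on first login instead of by hand.
    $root = user_root($user);
    if (!isset($folders[$root])) {
        $folders[$root] = ['owner' => $user];
    }
    return $root;
}

// Constructed sample data: only "user" was provisioned by hand.
$folders = ['/home/user@example.com' => ['owner' => 'user@example.com']];
$root = ensure_home($folders, 'user3@example.com');
echo resolve_in_root($root, 'docs/../blah.pdf'), "\n";
try {
    resolve_in_root($root, '../user@example.com/blah.pdf'); // sibling home
} catch (RuntimeException $e) { echo 'denied: ', $e->getMessage(), "\n"; }
```

The confinement check runs on the normalised path, so a request that climbs out of the user's root toward a sibling home is refused before any lookup happens.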