[imp] QUOTA OVER WU-IMAP ???

scaryfast at flyingmug.com scaryfast at flyingmug.com
Fri Feb 7 08:52:48 PST 2003


Intro
-----
The wu-imap server does not have quota support.  But if you are meet 
certain requirements, and are willing to deal with the security and
other issues, you can add quota support to IMP with the wu-imap server.

Requirements
------------
* Working Horde 2.x and IMP 3.x installation on machine with the quotas ++
* Working quotas ON THE SAME SYSTEM as the horde/imp web server ++
* Root access to the system (so you can setup sudo)
* Working sudo installation
* Either no user logins on the server and no personal executable web pages on
  the server (cgi, php, etc), OR you don't care if people can see other
  people's quotas and think the quota program is safe to run suid.

  ++ You may be able to do this with rquotad/NFS, but have not tested that.

Instructions
------------

On most systems, only root can get the quotas for another user.  For this,
we need to allow the user the web server runs as (hopefully not root!) to
also be able to get quotas. 

Add a sudo entry such as:

# rule to allow apache view quota
apache          ALL= NOPASSWD: /usr/bin/quota

To allow the web server user (shown above as "apache") to run the quota
program (shown above as "/usr/bin/quota").  You will need to modify the
above to match your system configuration and needs.  You may also have
to set/change other sudo options (like the lecture) depending on your
system setup.

Then modify horde/imp/config/conf.php to use a routine like the one of
the following (different for IMP 3.0 and IMP 3.1):

IMP 3.0
-------

// If this is set to a function name, that function will be used
// to show the user's quota usage on the mailbox page.
// See the 'imp_show_quota' function below for an example.
$conf['hooks']['quota'] = 'imp_show_quota';

/* Gets the quota usage from the imap server.  */
/* This requires a modified "quota" command that allows the httpd server */
/* account to get quotas for other users... */

if (!function_exists('imp_show_quota')) {
    function imp_show_quota ($imp) {
        $imap_admin = $imp['user'];
        $passwd_array = posix_getpwnam($imap_admin);
        $homedir = split("/", $passwd_array['dir']);
        $realname = split(",", $passwd_array['gecos']);
        $junk = exec("/usr/bin/sudo /usr/bin/quota -u $imap_admin | grep 
$homedir[1]",
                     $quota_data,$return_code);
        if ($return_code == 0 && count($quota_data) == 1) {
           $splitted = split("[[:blank:]]+", trim($quota_data[0]));
           $used = $splitted[1] / 1000 ; $quota = $splitted[2] / 1000 ;
           $percent = $used * 100 / $quota ;
           $exceeded = strpos($splitted[1], "*") ? "EXCEEDED!":"";
             echo '<table width="100%" border="0" cellpadding="0" 
cellspacing="0"><tr><td class="item"><table border="0" cellspacing="0" 
cellpadding="0" width="100%"><tr>';
             echo '<td align="left" class="header">Login: ' .  
$imap_admin . '</td>';
             echo '<td align="right" class="header">';
             echo sprintf("Quota: %.1fMB/%.1fMB (%.1f%%) %s", $used, $quota, 
$percent, $exceeded);
             echo '</td></tr></table></td></tr></table>';
        }
        else {
             echo '<table width="100%" border="0" cellpadding="0" 
cellspacing="0"><tr><td class="item"><table border="0" cellspacing="0" 
cellpadding="0" width="100%"><tr>';
             echo '<td align="left" class="header">Login as ' .  
$imap_admin . '</td>';
             echo '<td align="right" class="header">';
             echo "Quota not available";
             echo '</td></tr></table></td></tr></table>';
        }
    }
}



IMP 3.1
-------

// If this is set to a function name, that function will be used
// to show the user's quota usage on the mailbox page.
// See the 'imp_show_quota' function below for an example.
$conf['hooks']['quota'] = 'imp_show_quota';

/* Gets the quota usage for a user.  */
/* This requires a modified "quota" command that allows the httpd server */
/* account to get quotas for other users...  It also requires that your  */
/* web server and imap server be the same server or at least have shared */
/* authentication and file servers (e.g. via NIS/NFS)                    */

if (!function_exists('imp_show_quota')) {
   function imp_show_quota ($imp) {
        $imap_admin = $imp['user'];
        $passwd_array = posix_getpwnam($imap_admin);
        $homedir = split("/", $passwd_array['dir']);
        $realname = split(",", $passwd_array['gecos']);

        $quota_html = '<table width="100%" border="0" cellpadding="0" 
cellspacing="0"><tr><td class="item"><table border="0" cellspacing="0" 
cellpadding="0" width="100%"><tr>';
        $quota_html .= '<td align="left" class="header">Login: ' . $realname
[0] . " (" . $imap_admin . ")" . '</td>';

        $junk = exec("/usr/bin/sudo /usr/bin/quota -u $imap_admin | grep 
$homedir[1]",
                     $quota_data,$return_code);
        if ($return_code == 0 && count($quota_data) == 1) {
           $splitted = split("[[:blank:]]+", trim($quota_data[0]));
           $taken = $splitted[1] / 1000 ; $total = $splitted[2] / 1000 ;
           $percent = $taken * 100 / $total ;
           if ($percent >= 90) {
               $class = 'quotaalert';
           } elseif ($percent >= 80) {
               $class = 'quotawarn';
           } else {
               $class = 'header';
           }
           $quota_html .= '<td align="right" class="' . $class . '">';
           $quota_html .= sprintf("Quota on /%s: %.1fMB/%.1fMB (%.1f%%)", 
$homedir[1], $taken, $total, $percent);
        } else {
            $quota_html .= '<td align="right" class="header">';
            $quota_html .= "Quota not available";
        }
        $quota_html .= '</td></tr></table></td></tr></table>';
        return $quota_html;
    }
}


Conclusion
----------
The above should result in you have a status bar that shows quotas (if you
use the code above, also the login name/userid of the person using IMP).

It is up to you or your system admin to decide if this is reasonable or
not.  You are giving access to a program to a user that normally wouldn't
have that access, using system calls from php, etc.  It may not meet your 
security concerns.

Credits
-------

--------------------------------------------
Virus Scanned by https://mail.flyingmug.com


More information about the imp mailing list