Sophie: squirrelmail-1.4.22-15.2.mga6 noarch

squirrelmail-1.4.22-15.2.mga6.noarch.rpm

Installing Check Quota
======================

1) To install Check Quota, you must untar and gunzip the quota file you
downloaded. This is an example to do this with version 2.2 of the
plugin:

On Linux, FreeBSD, etc:

$ cd plugins
$ tar -xvfz check_quota-2.2-1.4.0.tar.gz

On Solaris, when using Solaris native tar:

$ cd plugins
$ gzip -d check_quota-2.2-1.4.0.tar.gz
$ tar -xvf check_quota-2.2-1.4.0.tar

2) Change into the check_quota directory, copy config.sample.php to
config.php and edit config.php, making adjustments as you deem
necessary (see "Configuring Check Quota" below).

$ cd check_quota
$ cp config.sample.php config.php
$ vi config.php

3) Then go to your SquirrelMail root directory and run configure. Choose
option 8 and move the plugin from the "Available Plugins" category to
the "Installed Plugins" category. Save and exit.

$ cd ../../
$ ./configure

PLEASE NOTE that if you are using the MOTD warning functionality in
Check Quota and you have any other plugins that modify the MOTD, you
should usually make sure that Check Quota is listed AFTER the other
MOTD-related plugins.

Updating Check Quota
=====================

1) Untar the plugin as explained in step 1 in the "Installing Check Quota"
section.

2) Change to the check_quota directory, check your config.php file against
the new version, to see if there are any new or obsolete settings that
you must add to or remove from your config.php file.

$ diff -u config.php config.sample.php

Or simply replace your config.php file with the provided sample and
reconfigure the plugin from scratch (see step 2 in the "Installing
Check Quota" section). This is the recommended procedure when
upgrading from one major version to another (e.g. from 1.x to 2.x).

Configuring Check Quota
=======================

Check Quota supports three different types of quota systems, which
are UNIX (filesystem), IMAP-based and cPanel quotas. The configuration
process differs depending upon which quota system you have.

1) Configuration for IMAP-based quotas:

Not much to do here; if you have installed Check Quota as told in
previous sections, the only thing you have to do is to edit the
config.php file and set "quota_type" to 1. That's it, you can jump
to the end of this file now.

2) Configuration for UNIX (filesystem) quotas:

This type is trickier, but it is not hard. If your web server and
IMAP server are on different machines, see section 2.5 below for
information on how to check remote UNIX quotas, but you should still
read sections 2.1 through 2.4 in order to understand the basic
aspects of configuring this kind of system:

2.1) First you must know how to check your users' quotas. In UNIX,
Linux, FreeBSD, etc., quotas are checked using the "quota -v"
command and only the "root" user has permission to check other
users' quotas with this command.

You also need to determine what user account your web server
runs under. If you are using Apache, you can do this with the
"ps" command:

On Linux, Solaris etc.:

# ps -ef | grep httpd

On FreeBSD, OpenBSD, or other BSD based systems:

# ps aux | grep httpd

This command will show output similar to this:

root 17728 [trimmed info] /usr/apache/bin/httpd -k start
nobody 6514 [trimmed info] /usr/apache/bin/httpd -k start
nobody 6515 [trimmed info] /usr/apache/bin/httpd -k start
nobody 6516 [trimmed info] /usr/apache/bin/httpd -k start
nobody 6517 [trimmed info] /usr/apache/bin/httpd -k start

We see that the "root" user started the web server and the web server
switched to the "nobody" user after startup. In this example, then,
the web server runs under the "nobody" user account. This user must
be able to check anyone's quota, so we must give it some root
privileges. Since this involves some amount of security risk, please
read the following instructions carefully.

2.2) The "sudo" command is how this is achieved. You can find out if
"sudo" is installed on your system by using the "which" command:

# which sudo

This may give output like:

/usr/bin/sudo

This is the path to the "sudo" command on your system. Note this
path, since you will need it later. If the command above gives no
output or gives an error such as "no sudo found", you will have to
install "sudo" first. You can download the latest "sudo" source
from:

http://www.sudo.ws/

Or you can search to see if your UNIX/Linux distribution has a
package for sudo. Installing sudo is beyond the scope of this
document - please look for assitance elsewhere for this task.

You also need to find where the "quota" command resides using
the "which" command again:

# which quota

This should show the path to the "quota" command, which should be
similar to the following (this is what will be used in examples
below):

/usr/bin/quota

2.3) There are two ways to use "sudo" and "quota" to allow the web
server to check user quotas. Please choose one of the following:

a) This method is simpler but is NOT SECURE if your users have
shell access to your system and they are able to switch to
the "nobody" (or whatever user your web server runs as) user
using "su - nobody". While this should be impossible on most
production systems, there may be some systems that are
vulnerable when using this configuration and should therefore
use use the method described in section b below.

Use the "visudo" command to edit sudoers file. Add the
following line to the file that is opened in the editor:

nobody ALL=NOPASSWD: /usr/bin/quota -v *

Of course, replace "nobody" and "/usr/bin/quota" with the
values you found on your system in section 2.2.

If there is no "visudo" command on your system, use your
favorite text editor to create or edit the /etc/sudoers file
and add the line shown above.

b) Copy the "quota" binary to another name such as "cqck" so
that the "quota" binary will be disguised under a name that
your users may not expect. This method is technically NOT
ANY MORE SECURE than the method above, but attempts to achieve
security through obscurity and will prevent most novice hackers
from being harmful.

# cp /usr/bin/quota /usr/bin/cqck

Of course, substitute the correct path here as found in
section 2.2.

Hereafter, this method is identical to the one described above.
As already explained, edit the sudoers file and add this line:

nobody ALL=NOPASSWD: /usr/bin/cqck -v *

Of course, replace "nobody" with the name of the user under
which the web server runs, and "/usr/bin/cqck" should be
whatever you chose to rename the "quota" binary to.

After following either method a or method b above, su to the
"nobody" user (or whomever your web server runs as) and try to
check a user's quota:

# su - nobody
$ /usr/bin/sudo /usr/bin/quota -v some_user

Or:

$ /usr/bin/sudo /usr/bin/cqck -v some_user

If you get quota output for the user, you have correctly
configured your system to work with this plugin. If "sudo"
complains about not finding the sudoers file, prompts you to
enter a password, or if you don't get any quota output for the
commands above, "sudo" may be looking for the sudoers file in a
different directory which may include:

/usr/etc
/usr/local/etc

If this is the case for you, try editing the sudoers file in
these directories. Also, you can find information about this
file with these commands:

$ man sudo
$ man sudoers

2.4) After configuring "quota" and "sudo", all you have to do is edit
the config.php file of the Check Quota plugin and set "quota_type"
to 0 (zero), set "sudo_binary" to "/usr/bin/sudo", and set
"quota_binary" to "/usr/bin/quota" or "/usr/bin/cqck". You will
need to adjust the paths in this example according to your system,
per step 2.2 above. You can now check UNIX quotas in SquirrelMail.

2.5) If your IMAP and web servers are on different machines, you will
need to check UNIX (filesystem) quotas remotely. To achieve this,
you have to take some extra steps:

2.5.1) First be sure that the user which runs your web server (in
our case, the "nobody" user) has a valid home directory.
You can change the home directory for a user using the
following command:

# usermod -d /var/nobody nobody

The command above set the home directory of the "nobody"
user to "/var/nobody". Obviously, you will have to create
this directory if it does not exist.

2.5.2) Go to the /var/nobody directory and create a folder named
".ssh" (the dot in front of the directory name is important).

2.5.3) Enter the ".ssh" directory and execute the following
command:

# ssh-keygen -b 2048 -C check_quota -f id_rsa -t rsa

When you are prompted for a password, give an empty
password (just press enter/return). This will create
two files named id_rsa and id_rsa.pub. Be careful that
the names are EXACTLY id_rsa and id_rsa.pub.

Be sure that the ".ssh" directory and the files inside it
are owned by your web server user. Use the "chown" command
from the /var/nobody directory if they are not:

# chown -R nobody .ssh

2.5.4) Login to your IMAP server and create a user which will
check quotas for you. Be sure that it DOES NOT have a
password. It MUST have a valid home directory and a valid
shell. For this example, we'll use a user named "cquotauser".

2.5.5) Copy the id_rsa.pub (NOT id_rsa) file from your web server to
your IMAP server.

2.5.6) Create a ".ssh" directory in the home directory of the
cquotauser user and add the contents of id_rsa.pub to a file
named "authorized_keys" under this ".ssh" directory.

Be sure that the ".ssh" directory and its contents are owned
by cquotauser, again using "chown" as needed:

# chown -R cquotauser .ssh

2.5.7) Add the following line to your "sudoers" file on your IMAP
server (be careful - this is on your IMAP server, NOT on
your web server!).

cquotauser ALL=NOPASSWD: /usr/bin/quota -v *

If you need assitance with this step, please refer to
sections 2.2 and 2.3 above for more detailed information
about editing the "sudoers" file.

2.5.8) On your web server, "su" to the user that your web server
runs under and execute this command:

$ /usr/bin/ssh cquotauser@IMAP.server.ip.address

The server will prompt about the authenticity of your IMAP
server. Continue connecting, so that your IMAP server will
be added to "known hosts".

Now logout from cquotauser and and execute this command
with your web server user:

$ /usr/bin/ssh cquotauser@IMAP.server.ip.address /usr/bin/sudo /usr/bin/quota -v some_user

You must adjust the paths in the command above according to
your system (see section 2.2 above).

If you get quota information after doing so, you are ready
to use the Check Quota plugin. Otherwise, go back to the
beginning of section 2.5 and verify that you have completed
all steps correctly.

2.5.9) After correctly configuring both servers as described above,
edit the config.php file of the Check Quota plugin and set
"quota_type" to 0 (zero), set "sudo_binary" to "/usr/bin/sudo",
set "quota_binary" to "/usr/bin/quota", set "ssh_binary" to
"/usr/bin/ssh", set "check_unix_on_remote_server" to 1,
set "remote_unix_user" to "cquotauser" and set
"remote_unix_server" to the IP address of your IMAP server.
You will need to adjust the paths in this example according
to your system. You can now check remote UNIX quotas in
SquirrelMail.

3) Configuration for cPanel quotas:

This type is also trickier, but it is simpler than checking UNIX
(filesystem) quotas.

3.1) cPanel does not use UNIX or IMAP quotas and has its own way of
implementing quota support. cPanel appears to hold quota
information in a file called "quota" which resides in
/cpanel_root/reseller/etc/user_domain/

Also, the mails for an account in that domain reside in
/cpanel_root/reseller/mail/user_domain/username

First, then, the Check Quota plugin needs to know what the cPanel
root directory is. Do this by filling in "cpanel_root" in the
config.php file of the Check Quota plugin. Be careful that you
DO NOT in the "reseller" part; you only need the "cpanel_root"
path. "reseller" will be determined automatically.

3.2) After that, Check Quota will be able to obtain users' quotas,
but it still needs to determine users' current usage levels.
This is done by using the "du" command.

While it may appear that the cPanel http daemon runs as the
"nobody" user, it actually runs as the "reseller" account for
each reseller. So the daemon will already be granted the rights
to read the quota information or use the "du" command to calculate
a user's current usage.

The only thing you will have to do is tell the Check Quota plugin
what the path to the "du" binary is. Execute this command:

$ which du

You should see output similar to:

/usr/bin/du

Now simply edit the config.php file of the Check Quota plugin
and set "quota_type" to 2, and set "du_binary" to "/usr/bin/du".
You will need to adjust the path in this example according to
your system. You can now check cPanel quotas in SquirrelMail.

After you have configured your system according to the type of quota system
you have, you may also (optionally) configure the display options for Check
Quota. You can do change how the quota graph is displayed and when the MOTD
quota warnings are shown by editing the "General Display Options" settings
in config.php. Each setting is amply documented therein.

That's all. Have fun.