chroot I see no reason why POPular can't be run in a
chroot environment, although I haven't tried
it. In the chroot environment you need the
binaries of the servers and any shared libraries they use, the log
directory (/var/log/popular), and the run
directory (/var/run/popular). Depending on your
configuration, you might need
some config files from /etc/popular. For
the proxy all files needed for authentication have to be included
and for the storage server all mailbox directories. If you have
the mailboxes on several disks, you have to mount them all inside
the chroot environment.
One feature of POPular is going to make difficulties: The server
reads /proc/loadavg to determine the load and
react accordingly. It is probably not a good idea to mount
/proc in the chroot
environment, so you either have to live without the feature or find
some way around the limitation of not being able to read
/proc/loadavg.
That said, I don't really see much reason for going through all
the hassle of setting up and maintaining the
chroot environment. All the
important data, that you want to protect either has to be in the
chroot environment anyway (like the mailboxes)
or at least has to be accessible from it through the network (like
authentication data). Of course, it will be harder for an attacker,
but it will be a bit harder for the sysadmin, too. Decide for
yourself, whether you want that extra bit of security.
If somebody is using POPular in a chroot
environment, I like to hear from you. Especially if I need to put
some changes into POPular to make it easier to use in a
chroot environment.