Re: [maildropl] Re: replacing procmail with maildrop
From: Matthias A. <ma+...@dt...> - 2004-06-22 10:26:24
Sam Varshavchik <mr...@co...> writes:

>> I would try to determine the owner of the maildrop process,
>
> The owner of the maildrop process is the userid the message is being
> delivered to.

Sam, the other thing is the group permissions. Maildrop (setuid or run
as root, in delivery mode) will set the primary group ID, drop
supplementary group IDs and finally will set the user ID. This is no
different from Postfix's local(8) delivery service that David is also
using: it, too, will strip supplementary group IDs, hence tricks with
group writable logs won't work here, at least not for systems that put
each user in their own group.

OTOH, giving users write permissions for logs may not be a good plan
either. I can see two solutions without knowing off-hand if maildrop
implements either already:

1. offer to run a separate (and possibly restricted) configuration file
   BEFORE dropping privileges when setuid-root

2. offer to log into a command instead of a file. That might then be
   setgid and be as simple as a read and a write.

--
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95
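The effect described in the message above, as an added example that is not part of the original post and is not maildrop or Postfix code: a small model of the Unix write-permission check showing why a group-writable log stops being writable once supplementary groups are dropped. The `cred` struct, the `may_write` and `delivery_cred` helpers, and the numeric IDs (user 1000 in its own group 1000, log group 500) are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Model of a process's credentials (constructed for this example). */
struct cred {
    uid_t uid;
    gid_t gid;            /* primary group */
    const gid_t *groups;  /* supplementary groups */
    size_t ngroups;
};

/* Unix DAC write check: only the first matching class (owner, group,
   other) is consulted; uid 0 bypasses the mode bits. */
int may_write(const struct cred *c, uid_t f_uid, gid_t f_gid, mode_t mode)
{
    size_t i;
    if (c->uid == 0) return 1;
    if (c->uid == f_uid) return (mode & S_IWUSR) != 0;
    if (c->gid == f_gid) return (mode & S_IWGRP) != 0;
    for (i = 0; i < c->ngroups; i++)
        if (c->groups[i] == f_gid) return (mode & S_IWGRP) != 0;
    return (mode & S_IWOTH) != 0;
}

/* Credentials after the drop described in the message: primary group
   set, supplementary groups cleared, user ID set last. */
struct cred delivery_cred(uid_t uid, gid_t gid)
{
    struct cred c = { uid, gid, NULL, 0 };
    return c;
}

/* Constructed sample: the user was added to log group 500. */
static const gid_t login_groups[] = { 500 };

int main(void)
{
    struct cred root  = { 0, 0, NULL, 0 };               /* before the drop */
    struct cred login = { 1000, 1000, login_groups, 1 }; /* interactive shell */
    struct cred deliv = delivery_cred(1000, 1000);       /* delivery process */
    /* Log file owned by root, group 500, mode 0660. */
    printf("before drop (root): %d\n", may_write(&root, 0, 500, 0660));
    printf("login shell:        %d\n", may_write(&login, 0, 500, 0660));
    printf("after drop:         %d\n", may_write(&deliv, 0, 500, 0660));
    return 0;
}
```

The same user can write the log from a login shell but not from the delivery process, while a write made before the drop still succeeds.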