Re: [fetchmail-users] Running fetchmail as root for all users

[Rob M. <rob...@gm...>]

On 7/6/06, Stephen Allen <fet...@ro...> wrote:
> The subject may be a little misleading... in my scenario we have 10 ISP
> POP3 accounts that map to 8 local users.  The way I set it up a few
> years ago was fetchmail running as root and collecting mail for all POP3
> accounts.  I've since discovered that fetchmail is normally run on a
> per-user basis.
>
> Given that the users never log in to a shell, what is the best
> configuration in my case?  Are there pros/cons of doing it either way?

There is no need, unless you're passing email directly to a non-SUID
MDA, to run fetchmail as root.  Indeed, future versions of fetchmail
will refuse to run as root.  I haven't run fetchmail as root since
before 6.0 was released and have not had any problems.

Simply run it as a standard user (say "fetchmail") and have it pass
email to your MTA.

In general, running any program with higher privileges than it
requires is a security risk.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche