Re: [Lurker-users] Permissions errors
From: Wesley W. T. <we...@te...> - 2009-09-21 18:29:17
On Mon, Sep 21, 2009 at 7:10 PM, Gerald Livingston <ger...@sy...> wrote:
> > Interesting. Perhaps it's setuid? Or perhaps there is a setting
> > somewhere else that instructs the MDA to setuid for it.
>
> -rwsr-xr-x 1 ecartis daemon 199880 2006-04-14 18:36 /usr/lib/ecartis/ecartis
>
> Is there a security reason that lurker is not setuid?

Well, err, yes. If the program is setuid you can run it as any user to take action on the database. If you made lurker-index setuid, it would work too, but then any user on the system could run lurker-index to put new mail into your archive.

IMO the ecartis "solution" is an egregious hack. Better is to find out how to tell your MDA which user to run as. It must be possible since your MDA is running procmail as the target user. Find out how it invokes procmail. That's how you want to invoke lurker.
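The mode string quoted in the message above, read bit by bit, as an added example that is not part of the original post or of lurker/ecartis. The helper name `setuid_exposure`, the `lurker`/`mail` owner and group, and the `/path/to/lurker-index` sample lines are constructed for illustration.

```shell
#!/bin/sh
# Given one `ls -l` line, report who can run the file with its owner's
# privileges. setuid_exposure is a hypothetical helper name.
setuid_exposure() {
    line=$1
    mode=${line%% *}                                   # first field, e.g. -rwsr-xr-x
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    group=$(printf '%s\n' "$line" | awk '{print $4}')
    ux=$(printf '%s' "$mode" | cut -c4)                # owner execute slot: x, s, S or -
    gx=$(printf '%s' "$mode" | cut -c7)                # group execute slot
    ox=$(printf '%s' "$mode" | cut -c10)               # other execute slot

    case $ux in
        s|S) ;;                                        # setuid bit is set
        *) echo "not setuid: runs as the invoking user"; return 0 ;;
    esac
    case $ox in
        x|t) echo "setuid $owner: any local user can run it as $owner"; return 0 ;;
    esac
    case $gx in
        x|s) echo "setuid $owner: members of group $group can run it as $owner"; return 0 ;;
    esac
    echo "setuid $owner: no group or world execute bit"
}

# The line from the message: world-executable and setuid.
setuid_exposure '-rwsr-xr-x 1 ecartis daemon 199880 2006-04-14 18:36 /usr/lib/ecartis/ecartis'
# Constructed lines: a group-restricted setuid binary, and the non-setuid
# case where the MDA itself has to invoke the program as the right user.
setuid_exposure '-rwsr-x--- 1 lurker mail 0 2009-09-21 18:00 /path/to/lurker-index'
setuid_exposure '-rwxr-xr-x 1 lurker mail 0 2009-09-21 18:00 /path/to/lurker-index'
```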