[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: userid for vmailer

On Thu, 27 Aug 1998, Jean Pierre LeJacq wrote:

> >  >Any reason not to use the existing "mail" user?
> > Yes:
> > drwxrwsr-t   2 root     mail         1024 giu  4 18:53 /var/spool/mail/
> > -rwsr-sr-x   1 root     mail        57536 mag 13 21:53 /usr/bin/procmail*
> > 
> > The user vmailer runs as should not have access to other files than
> > /var/spool/vmailer/ and (most important!) should not be used by other
> > programs.
> How does it then place mail in the /var/spool/mail directories?  It
> needs to be at least in group mail.

Without having seen vmail I'm just going to guess and say that the process
that accesses the queue is not the processes that writes to
/var/spool/mail. The likely arrangement is probably similar to qmail where
there is a small setuid qmailq program that takes a message and puts it
into the queue. Should that program be compromised the only damage it can
do is to the queue directory and not the user spool files.
> > I think we should assign a static id in the 1-100 or 64000 range.
> > (I don't really like much the idea of dynamic ids: I don't think
> > we are going to be short of id numbers and they make NFS file sharing
> > a PITA.)

Putting a mail queue on NFS is probably a hugely bad idea anyhow, I think
qmail explicly forbids it.


Reply to: