Re: userid for vmailer

To: Jean Pierre LeJacq <jplejacq@quoininc.com>
Cc: debian-devel@lists.debian.org
Subject: Re: userid for vmailer
From: Jason Gunthorpe <jgg@gpu.srv.ualberta.ca>
Date: Thu, 27 Aug 1998 09:31:48 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.3.96.980827092810.2836A-100000@Wakko.ualberta.ca>
In-reply-to: <[🔎] m0zC46D-000b9HC@mail.quoininc.com>

On Thu, 27 Aug 1998, Jean Pierre LeJacq wrote:

> >  >Any reason not to use the existing "mail" user?
> > Yes:
> > drwxrwsr-t   2 root     mail         1024 giu  4 18:53 /var/spool/mail/
> > -rwsr-sr-x   1 root     mail        57536 mag 13 21:53 /usr/bin/procmail*
> > 
> > The user vmailer runs as should not have access to other files than
> > /var/spool/vmailer/ and (most important!) should not be used by other
> > programs.
> 
> How does it then place mail in the /var/spool/mail directories?  It
> needs to be at least in group mail.

Without having seen vmail I'm just going to guess and say that the process
that accesses the queue is not the processes that writes to
/var/spool/mail. The likely arrangement is probably similar to qmail where
there is a small setuid qmailq program that takes a message and puts it
into the queue. Should that program be compromised the only damage it can
do is to the queue directory and not the user spool files.

> > I think we should assign a static id in the 1-100 or 64000 range.
> > (I don't really like much the idea of dynamic ids: I don't think
> > we are going to be short of id numbers and they make NFS file sharing
> > a PITA.)

Putting a mail queue on NFS is probably a hugely bad idea anyhow, I think
qmail explicly forbids it.

Jason

Reply to:

Follow-Ups:
- Re: userid for vmailer
  - From: Wichert Akkerman <wakkerma@debian.org>

References:
- Re: userid for vmailer
  - From: Jean Pierre LeJacq <jplejacq@quoininc.com>

Prev by Date: Re: userid for vmailer
Next by Date: Re: dpkg suggestion
Previous by thread: Re: userid for vmailer
Next by thread: Re: userid for vmailer
Index(es):
- Date
- Thread