Re: special mail delivery group
On Mon, 9 Sep 2002 11:19, Oliver Kurth wrote:
> On Mon, Sep 09, 2002 at 11:07:19AM +0200, Russell Coker wrote:
> > I believe that it would be good to have a designated GID for use in mail
> > delivery programs.
> >
> > It seems that some programs have hard-coded GID numbers in their code
> > (such as mailman). So the current situation is that you may have to
> > change the GID used by your mail server, and if you have two such
> > programs compiled with different GID's then you have to recompile one of
> > them (or write a SETGID wrapper).
> >
> > Having a designated default GID for mail delivery processes would solve
> > this.
>
> Maybe I did not fully understand what you mean, but what about
>
> kurth@debian:~$ cat /etc/group|grep mail
> mail:x:8:
> kurth@debian:~
I think you don't understand.
Group mail is sometimes used by the mail server, and is used for the GID for
files under /var/spool/mail.
This is not the group for a mailing list manager, if a mailing list manager
has a security problem then I want to limit it to only sending out email, not
allow it to read the contents of /var/spool/mail or the queue files for the
mail server.
Mailman in Debian expects group daemon, but having every server process in the
daemon group is bad for security (besides - mailman is NOT a daemon).
What I would like is a separate group for "address: |command" in /etc/aliases
type delivery which is not the same as a group used by the mail server
internally and is not the same as the group used for mail storage.
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
Reply to: