[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: special mail delivery group

On Mon, 9 Sep 2002 11:19, Oliver Kurth wrote:
> On Mon, Sep 09, 2002 at 11:07:19AM +0200, Russell Coker wrote:
> > I believe that it would be good to have a designated GID for use in mail
> > delivery programs.
> >
> > It seems that some programs have hard-coded GID numbers in their code
> > (such as mailman).  So the current situation is that you may have to
> > change the GID used by your mail server, and if you have two such
> > programs compiled with different GID's then you have to recompile one of
> > them (or write a SETGID wrapper).
> >
> > Having a designated default GID for mail delivery processes would solve
> > this.
> Maybe I did not fully understand what you mean, but what about
> kurth@debian:~$ cat /etc/group|grep mail
> mail:x:8:
> kurth@debian:~

I think you don't understand.

Group mail is sometimes used by the mail server, and is used for the GID for 
files under /var/spool/mail.

This is not the group for a mailing list manager, if a mailing list manager 
has a security problem then I want to limit it to only sending out email, not 
allow it to read the contents of /var/spool/mail or the queue files for the 
mail server.

Mailman in Debian expects group daemon, but having every server process in the 
daemon group is bad for security (besides - mailman is NOT a daemon).

What I would like is a separate group for "address: |command" in /etc/aliases 
type delivery which is not the same as a group used by the mail server 
internally and is not the same as the group used for mail storage.

I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

Reply to: