
Re: special mail delivery group



| Russell> What I would like is a separate group for "address: |command"
| Russell> in /etc/aliases type delivery which is not the same as a
| Russell> group used by the mail server internally and is not the same
| Russell> as the group used for mail storage.

| Modern mail daemons let you explicitly configure this (i.e. the daemon
| itself does a setgid() before executing the pipe), rather than rely on
| setgid-ness of the delivery programs.  Certainly exim works like that,
| and it is the sensible way.

Tollef> Uhm, why is this the sensible way?  Using sgid is perfectly
Tollef> sane.  It works with all MDAs, for one.

| The delivery programs that hardcode a group name, or even _the fact
| that they change group id_, are broken.

Tollef> Why?

Well, maybe my language was too strong there.  I don't like setgid
MDAs because that makes them behave differently when used in a
standalone way.  Sometimes I'd like to run procmail, for example, on a
test article just for its scoring features.  If I do that and procmail
is setgid, the output will be group owned by mail.

Really the world should switch to maildirs and there wouldn't be any
need for privileged delivery :)

-- 
Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087  9C0F 194F 203A 63F7 B1B8  6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.


