Re: special mail delivery group
| Russell> What I would like is a separate group for "address: |command"
| Russell> in /etc/aliases type delivery which is not the same as a
| Russell> group used by the mail server internally and is not the same
| Russell> as the group used for mail storage.
| Modern mail daemons let you explicitly configure this (ie. the daemon
| itself does a setgid() before executing the pipe), rather than rely on
| setgid-ness of the delivery programs. Certainly exim works like that,
| and it is the sensible way.
Tollef> Uhm, why is this the sensible way? Using sgid is perfectly
Tollef> sane. It works with all MDAs, for one.
| The delivery programs that hardcode a group name, or even _the fact
| that they change group id_, are broken.
Tollef> Why?
Well, maybe my language was too strong there. I don't like setgid
MDA's because that makes them behave differently when used in a
standalone way. Sometimes I'd like to run procmail, for example, on a
test article just for its scoring features. If I do that and procmail
is setgid, the output will be group owned by mail.
Really the world should switch to maildirs and there wouldn't be any
need for privileged delivery :)
--
Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.
Reply to: