[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sendmail + ~/.forward

On Thu, Feb 20, 2003 at 01:12:30PM +0200, Sergey wrote:
> AP> а в логах на этого пользователя что? /var/log/mail*
> 
> mail.info:Feb 16 06:52:02 ciet sm-mta[25711]: h1G4q1ZL025702: forward /home/testuser1/.forward: World writable directory
> mail.info:Feb 16 06:52:02 ciet sm-mta[25711]: h1G4q1ZL025702: to=testuser1, ctladdr=<ftn@debian.pharm-info.ukrpack.net> (1001/1001), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31453, dsn=2.0.0, stat=Sent

http://www.sendmail.org/tips/DontBlameSendmail.html

The biggest surprise is likely to come from .forward and :include: files
in unsafe directory paths (directory paths which are group or world
writable). This is no longer allowed. This would mean that if user joe's
home directory was writable by group staff, sendmail would not use his
.forward file. This behavior can be altered, at the possible expense of
system security, by setting the DontBlameSendmail option. For example,
to allow forward files in group writable directories:

O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

O DontBlameSendmail=forwardfileinunsafedirpath

-- 
/mator
Reply to: