On Sun, Jun 24, 2001 at 12:23:05PM +0200, Mart van de Wege wrote: > On Sat, 23 Jun 2001 12:19:51 -0500 > ktb <ktb@nixnotes.org> wrote: > > > As far as /etc/fetchmailrc being chowned to root. I would think that is > > the > > way it should be. With very few exceptions, in /etc, most are > > root.root. > > I suspect what you could do is cp /etc/fetchmailrc to ~/.fetchmailrc > > Set the owner and group to that of you're home directory and - > > $ chmod 600 .fetchmailrc > > hth, > > kent > > Hmmm, > > ok, so leaving 1 link in /etc/rc2.d would stop fetchmail being installed > as a systemwide daemon. That's good, but I think you missed my question on > the file permission on /etc/fetchmailrc. It *is* set to owner root.root, > but upgrading fetchmail changes it to fetchmail.root. As I said, ISTR this > is a policy violation, isn't it? > > Mart > Hi, I might know what is happening here. The script that starts may be chown'ing the file when it is started to make certain it has the correct perrmisions and ownership/group settings before starting up the daemon. I could tell you to look at the file /usr/share/doc/fetchmail/README.Debian.gz, but I would rather just go ahead and include in my reply here. I think it is a 'recent' change to fetchmail in that you can now choose to run it as 'root' or an 'unpriviledged user', and you should be getting prompted for this if you are using debconf. It gives you a fairly stern warning about running choosing to run it as root as opposed to an unpriviledged user. You should be able to get the debconf configuration to come up by running the command 'dpkg -reconfigure -plow fetchmail'. The following is from ----> /usr/share/doc/fetchmail/README.Debian.gz Fetchmail and security: Don't run fetchmail as root if you can help it. Fetchmail does a lot of manipulation on untrustable data (e.g.: email headers) and has had buffer overflow security holes fixed in that area. Nobody knows how many of those are still left. The safest way to run fetchmail is to run it as an unpriviledged user (e.g. using the system-wide fetchmail facility described below, and the "fetchmail" user), delivering through SMTP. This is Debian's default configuration. Hope that helps!, Jimmy Richards > -- > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Attachment:
binfjzSxDGiqU.bin
Description: PGP Key 0x0062D7A7.
Attachment:
pgpgNYXxdOCGS.pgp
Description: PGP signature