
Re: Stop apt-get upgrade from messing with fetchmailrc?



On Sun, Jun 24, 2001 at 12:23:05PM +0200, Mart van de Wege wrote:
> On Sat, 23 Jun 2001 12:19:51 -0500
> ktb <ktb@nixnotes.org> wrote:
> 
> > As far as /etc/fetchmailrc being chowned to root.  I would think that is
> > the way it should be.  With very few exceptions, in /etc,  most are
> > root.root.
> > I suspect what you could do is cp /etc/fetchmailrc to ~/.fetchmailrc
> > Set the owner and group to that of your home directory and -
> > $ chmod 600 .fetchmailrc
> > hth,
> > kent
> 
> Hmmm,
> 
> ok, so leaving 1 link in /etc/rc2.d would stop fetchmail being installed
> as a systemwide daemon. That's good, but I think you missed my question on
> the file permission on /etc/fetchmailrc. It *is* set to owner root.root,
> but upgrading fetchmail changes it to fetchmail.root. As I said, ISTR this
> is a policy violation, isn't it?
> 
> Mart
> 

	Hi,

	I might know what is happening here. The script that starts
may be chown'ing the file when it is started to make certain it has the
correct permissions and ownership/group settings before starting up the
daemon. I could tell you to look at the file
/usr/share/doc/fetchmail/README.Debian.gz, but I would rather just go
ahead and include it in my reply here. I think it is a 'recent' change to
fetchmail in that you can now choose to run it as 'root' or an
'unprivileged user', and you should be getting prompted for this if you
are using debconf. It gives you a fairly stern warning about
choosing to run it as root as opposed to an unprivileged user. You
should be able to get the debconf configuration to come up by running
the command 'dpkg-reconfigure -plow fetchmail'.


The following is from ---->  /usr/share/doc/fetchmail/README.Debian.gz

Fetchmail and security:

Don't run fetchmail as root if you can help it. Fetchmail does a lot of
manipulation on untrustable data (e.g.: email headers) and has had buffer
overflow security holes fixed in that area. Nobody knows how many of those
are still left.

The safest way to run fetchmail is to run it as an unprivileged user (e.g.
using the system-wide fetchmail facility described below, and the
"fetchmail" user), delivering through SMTP. This is Debian's default
configuration.


	Hope that helps!,

	Jimmy Richards
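
Added example, not part of the original message or of the Debian package: a shell check for the two points raised in this thread, that the run-control file is accessible only to its owner and that the owner is the unprivileged account the daemon runs as. It assumes GNU `stat`; the function name `check_fetchmailrc` and the finding labels are hypothetical.

```sh
#!/bin/sh
# Added example (constructed for this page): audit a fetchmail run-control file.
# Assumes GNU coreutils `stat -c`; function name and finding labels are hypothetical.

# check_fetchmailrc FILE RUN_AS
#   FILE    run-control file, e.g. /etc/fetchmailrc or ~/.fetchmailrc
#   RUN_AS  account the daemon runs as, e.g. fetchmail
# Prints one finding per problem; returns 0 only when there are none.
check_fetchmailrc() {
    file=$1
    run_as=$2
    problems=0

    # Refuse symlinks and non-regular files: the daemon would read the link target.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "TYPE: $file is missing or not a regular file"
        return 2
    fi

    owner=$(stat -c '%U' "$file")
    mode=$(stat -c '%a' "$file")

    # README.Debian: don't run fetchmail as root if you can help it.
    if [ "$run_as" = root ]; then
        echo "RUNAS: daemon runs as root instead of an unprivileged user"
        problems=$((problems + 1))
    fi

    # With mode 600 only the owner can read the file, so the owner must be the
    # account the daemon runs as (compare the fetchmail.root ownership in the thread).
    if [ "$owner" != "$run_as" ]; then
        echo "OWNER: $file is owned by $owner but the daemon runs as $run_as"
        problems=$((problems + 1))
    fi

    # The file holds mail passwords: group and other get no access (chmod 600).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "MODE: $file has mode $mode; expected no group/other bits"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Run only when called with both arguments, e.g.:
#   sh check_fetchmailrc.sh /etc/fetchmailrc fetchmail
if [ "$#" -eq 2 ]; then
    check_fetchmailrc "$1" "$2"
fi
```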

