
Re: [exim4debian] Re: Debian-exim - blech!



On Mon, Sep 20, 2004 at 09:48:43AM +0100, Oliver Elphick wrote:
> "mail" is and always has been a standard system account:

"mail" is also the account that owns the mail spool, hence all MUAs
run sgid mail per policy. Running the MTA as mail as well would mean
that the MTA's queue would have to belong to mail as well, giving MUAs
read access to the MTA's queue, which is a significant security risk.

This is the reason why we decided to run exim4 with a non-"mail"
account.

> Of course your argument applies equally to "Debian-exim" - it might be
> assigned to a user; it's quite as likely as that "mail" might be so
> assigned.

I beg to differ here. It is much more unlikely that an account
with a name _that_ ugly would be re-used.

> > Second, purging exim4 in such a situation could lead to all files
> > belonging to that user to be deleted.
> 
> Purging exim4 should not cause the deletion of the username

I beg to differ again.

> nor of files that exim4 did not install.

So we shouldn't purge the mail queue and hints database? Since policy
requires a purged package to vanish without leaving any trace of its
installation, that would be a policy violation.

Anyway, I am sick of this discussion. You didn't bring a single new
argument into it. Please try to establish policy about package user
names, or take the issue to the tech ctte. Until then, Debian-exim is
bound to stay.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Karlsruhe, Germany |  lose things."    Winona Ryder | Fon: *49 721 966 32 15
Nordisch by Nature |  How to make an American Quilt | Fax: *49 721 966 31 29
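
The permission argument in the message above can be checked mechanically. The following is an added example, not part of the original post and not Exim or Debian code: it walks a directory tree and lists every entry that a non-owner process holding a given group could read, judged from the mode bits alone. The function name `exposed_to_group` is hypothetical, and the directory and group name are supplied by the operator.

```python
import grp
import os
import stat
import sys


def exposed_to_group(root, gid):
    """Return entries under root readable by a non-owner process in group gid.

    Static mode-bit check. Unix uses the first matching permission class:
    if the entry's group is gid, only the group bits count; otherwise the
    "other" bits count.
    """
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # "" stands for the directory itself, so directories are checked too.
        for name in [""] + filenames:
            path = os.path.join(dirpath, name) if name else dirpath
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful
            read_bit = stat.S_IRGRP if st.st_gid == gid else stat.S_IROTH
            if st.st_mode & read_bit:
                exposed.append(path)
    return sorted(exposed)


if __name__ == "__main__":
    # Usage: script.py <queue-directory> <group-name>
    queue_dir, group = sys.argv[1], sys.argv[2]
    for p in exposed_to_group(queue_dir, grp.getgrnam(group).gr_gid):
        print(p)
```

An empty result for the MTA's queue directory and the group "mail" means sgid-mail MUAs gain nothing from the queue's permissions.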


