Postfix Archives: Re: Virtual local delivery agent


Subject: Re: Virtual local delivery agent
From: Wietse Venema (wietseporcupine.org)
Date: Mon Jan 24 2000 - 10:44:05 CST


Andrew McNamara:
> >Both of these sound good. Another way is how ncFTPd does virtual FTP
> >trees. Basically, your agent could get the uid and gid of the directory
> >you are about to write into and then use these id's as the uid and gid for
> >the running process. For example, if uid:gid pair for
> >/var/mail/domain.com/ was vuser53:other, then the agent would change to
> >vuser53:other when trying to write to /var/mail/domain.com/bob/Maildir/.
>
> Yep - I had also considered this - this is how we currently operate,
> although I'm not sure Wietse would accept this.

It indeed gives me the heebie-jeebies when software derives write
privileges from the very file it wants to write to. Doing so means
Postfix has carte blanche to clobber any file on the system. I'd
be much happier if Postfix knows write privileges ahead of time.

Is there a way to get the ownership info from a trustworthy source?

> >> - Currently every recipient is looked up in the uid map and the gid map. If
> >> a site is running with fixed uid and/or fixed gid across all their dialup
> >> users, then they could specify a fixed map that returned these values. Do
> >> people consider it worthwhile having a config file option to specify
> >> fixed uid/gid instead?

Returning all three, separated by a suitable delimiter, would be
an attractive possibility.

But Postfix really needs a more generic table lookup interface
where the result of lookup is an attribute list with named fields.

        Wietse
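
The approach discussed in the message above, as an added example that is not part of the original post and not Postfix code: the delivery identity comes from a trusted map result instead of from stat() on the target directory, and the result is validated before any privilege change. The `uid:gid:path` layout, the colon delimiter, the mailbox path as the third field, `MIN_ID`, `MAIL_BASE` and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MIN_ID 100              /* assumed policy floor: refuse root and system ids */
#define MAIL_BASE "/var/mail/"  /* assumed base, taken from the thread's example path */

struct delivery { unsigned long uid, gid; char path[256]; };

/* Parse one decimal id terminated by ':' and advance *s past it; 0 on success. */
static int parse_id(const char **s, unsigned long *out)
{
    char *end;
    if (**s < '0' || **s > '9') return -1;      /* no sign, no leading space */
    errno = 0;
    *out = strtoul(*s, &end, 10);
    if (errno || *end != ':' || *out < MIN_ID || *out > 0x7fffffffUL) return -1;
    *s = end + 1;
    return 0;
}

/* Parse a map result "uid:gid:path" (hypothetical format).
 * Returns 0 if the caller may deliver with d->uid/d->gid to d->path,
 * -1 if the entry must be rejected and the message deferred. */
int parse_map_result(const char *value, struct delivery *d)
{
    const char *s = value;
    size_t n;
    if (parse_id(&s, &d->uid) || parse_id(&s, &d->gid)) return -1;
    n = strlen(s);
    if (n >= sizeof d->path) return -1;                        /* too long */
    if (strncmp(s, MAIL_BASE, strlen(MAIL_BASE)) != 0) return -1; /* outside base */
    if (strstr(s, "/../") || (n >= 3 && strcmp(s + n - 3, "/..") == 0)) return -1;
    memcpy(d->path, s, n + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample map results, not real data. */
    const char *samples[] = {
        "5053:100:/var/mail/domain.com/bob/Maildir/",
        "0:0:/var/mail/domain.com/bob/Maildir/",
        "5053:100:/var/mail/../../etc/passwd",
    };
    struct delivery d;
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-45s -> %s\n", samples[i],
               parse_map_result(samples[i], &d) ? "defer" : "deliver");
    return 0;
}
```

Because the ids are fixed before the filesystem is touched, a wrongly owned or attacker-replaced directory cannot widen what the agent is allowed to write.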


