OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Postfix Archives: Re: Virtual local delivery agent

Re: Virtual local delivery agent

Subject: Re: Virtual local delivery agent
From: Christopher E. Brown (cbrowndenalics.net)
Date: Tue Jan 25 2000 - 13:59:42 CST

On Mon, 24 Jan 2000, Wietse Venema wrote:

> Andrew McNamara:
> > >Both of these sound good. Another way is how ncFTPd does virtual FTP
> > >trees. Basically, your agent could get the uid and gid of the directory
> > >you are about to write into and then use these id's as the uid and gid for
> > >the running process. For example, if uid:gid pair for
> > >/var/mail/domain.com/ was vuser53:other, then the agent would change to
> > >vuser53:other when trying to write to /var/mail/domain.com/bob/Maildir/.
> >
> > Yep - I had also considered this - this is how we currently operate,
> > although I'm not sure Wietse would accept this.
>
> It indeed gives me the heebee-jeebies when software derives write
> privileges from the very file it wants to write to. Doing so means
> Postfix has carte blanche to clobber any file on the system. I'd
> be much happier if Postfix knows write privileges ahead of time.
>
> Is there a way to get the ownership info from a trustworthy source?

        I would think this should be set by config option. 

---
As folks might have suspected, not much survives except roaches, 
and they don't carry large enough packets fast enough...
        --About the Internet and nuclear war.

This archive was generated by hypermail 2b27 : Tue Jan 25 2000 - 14:17:54 CST