OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: postfix and mhonarc
From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Mon Oct 02 2000 - 14:06:37 CDT

On 2 October 2000, wtstacey <wtstaceysfu.ca> wrote:
>
> okay here is the error i get: Command output: ERROR:
> "/usr/local/www/dir/" is not writable
>
> cause the command "mhonarc -add ..." is run by nobody. i'd like to set
> it up so the command is run with the permissions of the group that
> owns the directory, or is there another way?
[...]
> how can i get mhonarc to run from an alias, either as a user or group
> other than nobody, without compromising security?

    Add a new user "mhonarc", and change "/usr/local/www/dir" to be
owned by it. In your alias file add aliases

        list mhonarc+list

for all lists you want to archive. Add something like

forward_path =
        $home/.forward$recipient_delimiter$extension
        $home/.forward
        /etc/postfix/forwards/$user$recipient_delimiter$extension
        /etc/postfix/forwards/$user

to your main.cf, and create /etc/postfix/forwards owned by root. Create
inside a file "mhonarc", with the contents

        postmaster

and a "mhonarc+list", with the contents

        |/usr/local/bin/webnewmail-list

for each list. Write the "webnewmail-list" script. I did that more
than an year ago, and basically forgot about it afterwards.

    Beware however that replacing "/etc/postfix" above with
"$config_directory" doesn't work (or at least it didn't about an year
ago). I believe _this_ is a bug.

    Regards,

    Liviu Daia 

-- 
Dr. Liviu Daia               e-mail:   Liviu.Daiaimar.ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc