OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Proposal: mailbox_command_privs option
From: Wietse Venema (wietseporcupine.org)
Date: Mon Oct 23 2000 - 05:51:22 CDT

Stefan Arentz:
> In postfix you can use the mailbox_command parameter to
> specify an alternative local delivery command. However, it
> is unclear under which uid this command is run.
>
> DELIVERY RIGHTS
> Deliveries to external files and external commands are
> made with the rights of the receiving user on whose behalf
> the delivery is made.

What is unclear about this text?

> Is this a good reason to introduce a mailbox_command_privs
> configuration option? This option would then let you specify
> under which account the mailbox command will be executed.

No.

The local delivery agent was written to deliver to UNIX-style
mailboxes that are owned by users specified in the UNIX password
file.

Deliveries to non-UNIX users and to mail system-owned mailboxes
are better done with a different delivery agent, such as
Andrew McNamara's virtual local delivery agent.

That said, you can specify local aliases of the type:

    aliasname /file/name

All deliveries to such aliases are made with default privileges
(default setting: default_privs = nobody). You will have to make
the parent directory of mailboxes writable to whatever user you
specify for the default privileges.

        Wietse