DragonFly users List (threaded) for 2008-05
Re: dma -- sending mail from non-root to non-root
Michael Krauss (by way of Michael Krauss <email@example.com>) wrote:
Hello DragonFly experts, *snip*
Experience from a totally unrelated direction;
Though I don't actually use /var/mail for mailstore (separate RAID1
array) 'system' thingies don't always know that, so...
- my /var/mail is owned by <mta_UID>:<mta_GID>
--- *all* of the critters that have need to use /var/mail/~ are made
members of the same group as the MTA (usually 'mail').
That includes my MTA, IMAP, SpamAssassin, ClamAV, Webmail, etc ....
With 'appropriate' perms and umasks for owner, group, and world you
should not need to grant root privs for /var/mail to create, deliver to,
retrieve from or otherwise manipulate that area.
-- *other* subdirs of /var/ are another matter....
-- shell-account holders and system daemon-runners other-than root *may*
need to also be members of the 'mail' group, IF they use on-box mail (as
DMA does, by plan).
In our case we:
A) never have more than three shell accounts - the sysadmins.
B) never use shell accounts for mail, give them addresses, or send them
mail. Even 'postmaster@~' is in the same DB as 'virtual' users and is
relayed off-box to whomever has the con.
OTOH - what we run primarily is mail servers, so we have a 'proper' MTA.
I am running into problems when sending mail from one unprivileged user
to another with the DragonFly Mail Agent.
Actually I want to run dma on Arch Linux. Porting the program itself
was not a problem at all, it is running now, but suffering the same
mail folder access problems as on DragonFly BSD. On Arch Linux it is
getting even worse as no mail folder is automatically created for a
new user account. Here is a protocol from DragonFly 1.12.2:
IOW - The short answer is that there is no special reason that /var/mail
needs to be owned by root:wheel
which should solve your problem...
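An added example, not part of this thread, that models the permission decision discussed above: whether a given uid with a given set of groups may create a spool file in /var/mail under the recommended owner:group/mode layout versus a root:wheel directory. The uids and gids are constructed, and the model is plain POSIX owner/group/other bits plus the sticky bit (no ACLs or capabilities).

```python
import os
from dataclasses import dataclass
from typing import FrozenSet

# Constructed sample ids; real values come from /etc/passwd and /etc/group.
MTA_UID, MAIL_GID, WHEEL_GID = 13, 6, 0


@dataclass(frozen=True)
class SpoolDir:
    uid: int
    gid: int
    mode: int  # permission bits incl. setgid (0o2000) / sticky (0o1000)


@dataclass(frozen=True)
class Principal:
    uid: int
    gids: FrozenSet[int]  # primary plus supplementary groups


def spool_from_path(path: str) -> SpoolDir:
    """Read the real owner/group/mode of an existing directory for auditing."""
    st = os.stat(path)
    return SpoolDir(st.st_uid, st.st_gid, st.st_mode & 0o7777)


def _perm_bits(d: SpoolDir, p: Principal) -> int:
    """Classic POSIX DAC: owner class, then group class, then other; uid 0 bypasses."""
    if p.uid == 0:
        return 7
    if p.uid == d.uid:
        return (d.mode >> 6) & 7
    if d.gid in p.gids:
        return (d.mode >> 3) & 7
    return d.mode & 7


def can_deliver(d: SpoolDir, p: Principal) -> bool:
    """Creating a new mailbox file needs write and search (w+x) on the directory."""
    return _perm_bits(d, p) & 0o3 == 0o3


def can_remove_file(d: SpoolDir, p: Principal, file_owner_uid: int) -> bool:
    """Unlink/rename needs w+x; with the sticky bit only the file owner, dir owner or root may."""
    if not can_deliver(d, p):
        return False
    if d.mode & 0o1000 and p.uid not in (0, d.uid, file_owner_uid):
        return False
    return True


# Layout the post recommends: spool owned by the MTA, group 'mail', group-writable, sticky.
RECOMMENDED = SpoolDir(MTA_UID, MAIL_GID, 0o1775)
# Layout the thread describes as the default: root:wheel, not group-writable.
STOCK = SpoolDir(0, WHEEL_GID, 0o755)

MTA = Principal(MTA_UID, frozenset({MAIL_GID}))
IMAP_IN_MAIL = Principal(1001, frozenset({1001, MAIL_GID}))  # daemon added to 'mail'
SHELL_USER = Principal(1002, frozenset({1002}))               # not in 'mail'
```

`spool_from_path("/var/mail")` feeds the same checks with the live directory's bits, so the decision can be audited on a real host without root.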