DragonFly users List (threaded) for 2008-05
DragonFly BSD
DragonFly users List (threaded) for 2008-05
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: dma -- sending mail from non-root to non-root

From: Bill Hacker <wbh@xxxxxxxxxxxxx>
Date: Sat, 24 May 2008 03:21:39 +0800

Michael Krauss (by way of Michael Krauss <hippodriver@gmx.net>) wrote:
Hello DragonFly experts,

I am running into problems when sending mail from one unprivileged user
to another with the DragonFly Mail Agent.

Actually I want to run dma on Arch Linux. Porting the program itself
was not a problem at all, it is running now, but suffering the same
mail folder access problems as on DragonFly BSD. On Arch Linux it is
getting even worse as no mail folder is automatically created for a
new user account. Here is a protocol from DragonFly 1.12.2:


Experience from a totally unrelated direction;

Though I don't actually use /var/mail for mailstore (separate RAID1 array) 'system' thingies don't always know that, so...

- my /var/mail is owned by <mta_UID>:<mta_GID>

--- *all* of the critters that have need to use /var/mail/~ are made members of the same group as the MTA (usually 'mail').

That includes my MTA, IMAP, SpamAssassin, ClamAV, Webmail, etc ....

With 'appropriate' perms and umasks for owner, group, and world you should not need to grant root privs for /var/mail to create, deliver to, retrieve from or otherwise manipulate that area.

Two Caveats:

-- *other* subdirs of /var/ are another matter....

-- shell-account holders and system daemon-runners other-than root *may* need to also be members of the 'mail' group, IF they use on-box mail (as DMA does, by plan).

In our case we:

A) never have more than three shell accounts - the sysadmins.

B) never use shell accounts for mail, give them addresses, or send them mail. Even 'postmaster@~' is in the same DB as 'virtual' users and is relayed off-box ro whomever has the con.

OTOH - what we run primarily is mail servers, so we have a 'proper' MTA.

IOW - The short answer is that there is no special reason that /var/mail needs to be owned by root:wheel

which should solve your problem...


Bill Hacker


[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]