[EXIM] address_file and user rights

Author: Marc Haber
Date:
To: exim-users
Subject: [EXIM] address_file and user rights
I have a mailing list that is to be used with majordomo.
For archival purposes, I need every mail message written to
a special file. I do not want that file to be a normal mailbox
since that would offer a possibility for evil people to
inject articles into the archive that have never seen the
list.

I have the alias file configured as follows:

test-list-outgoing: :include:/var/spool/majordomo/lists/test-list,
    /home/wh/lists/test-list

I want the rights to /home/wh/lists/test-list to be as restrictive
as possible, but wh needs to be able to read the file.

I think the following permissions would be appropriate:
palandt:/home/wh/lists # ls -al
total 18
drwx------   2 wh       users        1024 Aug 19 19:24 .
drwxr-xr-x  14 wh       users        1024 Aug 19 18:51 ..
-rw-rw----   1 wh       majordom     9676 Aug 19 19:23 test-list
palandt:/home/wh/lists # 


Transports:
address_file:
  driver = appendfile

Director:
majordomo_aliases:
  domains = "lists.bartsch-partner.de:lists.jahr2000.dgri.de"
  driver = aliasfile
  file = /usr/local/majordomo/majordomo.aliases
  search_type = lsearch
  user = majordomo
  optional = yes
  qualify_preserve_domain = yes

With this config, exim runs the delivery as majordomo. This way,
/home/wh/lists/test-list needs to be writable by majordomo. I have
"solved" that problem by making the dir world-writeable. Is there
any more elegant way? Would giving the directory group majordomo
and making it group writeable work?

The next problem is that exim refuses to write into that file.
It only writes into a file that is owned by majordomo.majordomo
and adjusts the permissions to -rw-------, making it unreadable to
the user who has to read it for processing.

I am reluctant to change the transport's or the director's
properties since they are probably used by many other processes
on that machine.

Is defining a special aliasfile director with a special alias
file that uses the appropriate uid and/or gid and only contains
a single alias really the only option?

Any ideas how to creatively solve this?

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29


--
*** Exim information can be found at http://www.exim.org/ ***
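
An added example (not part of the original message, and not Exim code): a small model of the kernel's owner/group/other check applied to the directory listing in the message, comparing the listed 0700 directory, the world-writable workaround, the group-writable variant asked about, and a hypothetical search-only variant. The numeric ids are constructed, and Exim's own ownership and mode checks described in the message are not modelled.

```python
# Added example: classic Unix owner/group/other check (no ACLs, caller is not root).
R, W, X = 4, 2, 1

def allowed(uid, gids, owner, group, mode, want):
    """True if a process (uid, gids) gets all `want` bits on the object."""
    if uid == owner:
        bits = (mode >> 6) & 7      # only the owner triplet applies
    elif group in gids:
        bits = (mode >> 3) & 7      # only the group triplet applies
    else:
        bits = mode & 7             # everyone else
    return (bits & want) == want

def delivery_check(uid, gids, dirs, archive):
    """dirs: (owner, group, mode) per directory on the path, outermost first.
    archive: (owner, group, mode) of the existing archive file."""
    reach = all(allowed(uid, gids, o, g, m, X) for o, g, m in dirs)
    return {
        # appending needs search on every directory plus write on the file
        "append": reach and allowed(uid, gids, *archive, W),
        # creating, deleting or renaming entries needs write+search on the last dir
        "replace": reach and allowed(uid, gids, *dirs[-1], W | X),
    }

# Constructed numeric ids; the names mirror the listing in the message.
WH, USERS, MAJORDOMO, MAJORDOM, OTHER = 1000, 100, 201, 201, 1001
HOME = (WH, USERS, 0o755)            # ".." in the listing
ARCHIVE = (WH, MAJORDOM, 0o660)      # test-list
LAYOUTS = {
    "0700 wh:users": (WH, USERS, 0o700),        # as listed
    "0777 wh:users": (WH, USERS, 0o777),        # world-writable workaround
    "0770 wh:majordom": (WH, MAJORDOM, 0o770),  # group-writable, as asked
    "0710 wh:majordom": (WH, MAJORDOM, 0o710),  # hypothetical: group search only
}

def report():
    """Evaluate each layout for the majordomo delivery user and another local user."""
    out = {}
    for name, lists_dir in LAYOUTS.items():
        path = [HOME, lists_dir]
        out[name] = {
            "majordomo": delivery_check(MAJORDOMO, {MAJORDOM}, path, ARCHIVE),
            "other user": delivery_check(OTHER, {USERS}, path, ARCHIVE),
        }
    return out

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

In this model the world-writable directory lets any local account remove or replace test-list even though it cannot write to the file itself, while group search permission on the directory is already enough to append to an existing file.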