With some (probably most by now, but I am working with exim) MTAs it is
possible to set the user and group under which a pipe will be executed.
A typical majordomo set up would be something like:
# file for outgoing aliases which should only be used by majordom
# user injecting mail locally
majordomo_private:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = TABLES/majordomo-out.aliases
search_type = lsearch
user = majordom
group = majordom
condition = "${if eq {$received_protocol}{local} \
{${if eq {$sender_ident}{majordom} \
{true}{false}}}{false}}"
# file for "public" majordomo aliases.
majordomo_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = TABLES/majordomo.aliases
search_type = dbm
modemask=002
user = majordom
group = majordom
The use of group and user in the exim director will ensure that pipes
(and file appends if there are any) in in those aliases will be run
as uid majordom.
Does this obviate the need for wrapper? Or are there other things that
wrapper protects me from.
-j
--
Jeffrey Goldberg
Until June 9: Cranfield Computer Centre +44(0)1234 750 111 x 2826
See http://www.goldmark.org/jeff/contact.html for change of address info
Relativism is the triumph of authority over truth, convention over justice.
