[Exim] Is wrapper needed if MTA sets user and group?

Góra strony
Delete this message
Reply to this message
Autor: Jeffrey Goldberg
Data:  
Dla: majordomo-users, exim-users
Temat: [Exim] Is wrapper needed if MTA sets user and group?
With some (probably most by now, but I am working with exim) MTAs it is
possible to set the user and group under which a pipe will be executed.

A typical majordomo set up would be something like:

# file for outgoing aliases which should only be used by majordom
# user injecting mail locally

majordomo_private:
   driver = aliasfile
   file_transport = address_file
   pipe_transport = address_pipe
   file = TABLES/majordomo-out.aliases
   search_type = lsearch
   user = majordom
   group = majordom
   condition = "${if eq {$received_protocol}{local} \
            {${if eq {$sender_ident}{majordom} \
            {true}{false}}}{false}}"


# file for "public" majordomo aliases.
majordomo_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = TABLES/majordomo.aliases
search_type = dbm
modemask=002
user = majordom
group = majordom

The use of group and user in the exim director will ensure that pipes
(and file appends if there are any) in in those aliases will be run
as uid majordom.

Does this obviate the need for wrapper? Or are there other things that
wrapper protects me from.

-j

-- 
Jeffrey Goldberg              
 Until June 9:  Cranfield Computer Centre   +44(0)1234 750 111 x 2826
 See http://www.goldmark.org/jeff/contact.html for change of address info
Relativism is the triumph of authority over truth, convention over justice.