[Exim] Re: Is wrapper needed if MTA sets user and group?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dan Liston
Date:  
À: Jeffrey Goldberg
CC: majordomo-users, exim-users
Sujet: [Exim] Re: Is wrapper needed if MTA sets user and group?
I think the wrapper is primarily for security purposes, and tries to make
sure majordomo plays in it's own sandbox, but it also provides some default
information to the perl scripts. I would have to look at section 2.1 of
the FAQ again, and probably read the Makefile to see what else it is
responsible for.

Dan Liston

Jeffrey Goldberg wrote:
>
> With some (probably most by now, but I am working with exim) MTAs it is
> possible to set the user and group under which a pipe will be executed.
>
> A typical majordomo set up would be something like:
>
> # file for outgoing aliases which should only be used by majordom
> # user injecting mail locally
>
> majordomo_private:
>    driver = aliasfile
>    file_transport = address_file
>    pipe_transport = address_pipe
>    file = TABLES/majordomo-out.aliases
>    search_type = lsearch
>    user = majordom
>    group = majordom
>    condition = "${if eq {$received_protocol}{local} \
>             {${if eq {$sender_ident}{majordom} \
>             {true}{false}}}{false}}"

>
> # file for "public" majordomo aliases.
> majordomo_aliases:
> driver = aliasfile
> file_transport = address_file
> pipe_transport = address_pipe
> file = TABLES/majordomo.aliases
> search_type = dbm
> modemask=002
> user = majordom
> group = majordom
>
> The use of group and user in the exim director will ensure that pipes
> (and file appends if there are any) in in those aliases will be run
> as uid majordom.
>
> Does this obviate the need for wrapper? Or are there other things that
> wrapper protects me from.
>
> -j
>
> --
> Jeffrey Goldberg
> Until June 9: Cranfield Computer Centre +44(0)1234 750 111 x 2826
> See http://www.goldmark.org/jeff/contact.html for change of address info
> Relativism is the triumph of authority over truth, convention over justice.