> What more do you want than is already mentioned in the FAQ?
>
> Q5002: How can I arrange to allow a limited set of users to perform a limited
> set of Exim administration functions? I don't want to put them all in
> the exim group.
>
> A5002: See http://www.chiark.greenend.org.uk/~ian/userv/. Using userv you can
> arrange (for example) for certain users to be able to invoke mailq or
> runq or other preset commands as exim (or any other user, as configured)
> with only userv configuration. If you want to check the particular Exim
> options available you can easily do it with shell or Perl scripts and
> userv configuration, and provided you know how to do argument
> `unparsing' properly in shell or Perl it will be secure.
I would like all security and user changing to happen outside of
exim, and inside a single external program which is designed with
that in mind. Ian Jackson and I do not always (often?) see eye to
eye, but I do think that he has the right idea with userv. Move
all the security related code into one location, make it clean, audit
it thoroughly. It means that there is only one thing to go wrong,
in principle at least.
It saves you (or anyone else) re-inventing the wheel whenever dealing
with security. Or at least that is the idea.
It does involve a complete re-write, but that is what you are
proposing anyway, I believe.
Julian
