Re: [Exim] filter and save to a group writable only file

Pàgina inicial
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
A: Chris Thompson
CC: Exim users mailing list, Steve Traylen
Assumpte: Re: [Exim] filter and save to a group writable only file
On Mon, 17 Dec 2001, Chris Thompson wrote:

> > From a filter I have
> >
> > seen save group/mailfile 0664
> >
> > which runs as the local user deposit:editors
> >
> > and is trying to write to
> >
> > -rw-rw-r--    1 traylen  editors    172678 Dec 17 18:20 mailfile

> >
> > A failure occurs because deposit does not own the file but deposit is
> > able to touch and write to this file.
> >
> > Can I configure, perhaps also in the .forward, for this lack of
> > ownership of the destination file to be ignored
>
> Your problem can probably be solved by adding initgroups=true to the
> director that processes .forward files. If you don't do this, the
> process writing the file has only the user's login group active:
> the supplementary group list is empty.


I don't think this is the problem, because the process is running as
deposit:editors, he says.

The problem is that, by default, Exim checks that the file is owned by
the user that is running the delivery process. There is a failure
because deposit != traylen.

The only way to avoid this check is to arrange for this delivery to
occur via a different transport, one which has check_owner=false set.
So you need (a) to create this additional transport, and (b) to set
file_transport=<newtransport> on the forwardfile director that is
running the filter.


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.