Re: [Exim] WishList: never_users uid ranges

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Pat Lashley
CC: exim-users
Subject: Re: [Exim] WishList: never_users uid ranges
On Mon, 14 Jul 2003, Pat Lashley wrote:

> My reasoning is that very few of the special uids (bin, daemon, etc.)
> should ever recieve any mail; and it doesn't take much security paranoia
> to want to prevent deliveries under those uids. Since tradition says
> that those accounts (except for 'nobody') occupy a range of low numbered
> uids; with 'real' users starting at some arbitrary round number (100,
> 500, 1000, etc.) it would be convienient to restrict the entire range
> rather than have to remember to update your exim config when adding or
> removing one of those accounts.


I understand the paranoia, and have WishListed the item. But I still
think that there are many other WishList items that will be more widely
used.

> > (I tried to remove never_users from Exim 4, but people complained... :-)
>
> Hmmm. I missed that thread. I just did a search on the mailinglist
> archive - lots of hits on 'never_users'; but nothing that looked
> relevant. I'm willing to be convinced though. Could you point me
> at (or briefly summarize) the rationale and arguments on both sides?


It's nearly 2 years ago now and my memory isn't what it was, but...

. My feeling was that few people paid any attention to never_users; most
set up an alias for root anyway, so it was just another complication
to be maintained, documented, etc.

. The opposition to its removal was from people who felt that it was a
useful safety catch.

If never_users were extended to be more flexible, as in your suggestion,
my feeling wouldn't be as strong.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book