[cyr]deliver, executed as <user>, should have <user>'s permissions

David.Addison at infineon.com David.Addison at infineon.com
Thu Apr 15 08:52:59 EDT 2004


-----Original Message-----
Trying to do mail filtering to cyrus imapd using procmail instead of 
sieve. I'm putting "| [cyr]deliver -m blah-folder" into my 
"~/.procmailrc", instead of the global "/etc/procmailrc"; this fails: 
"couldn't connect to lmtpd: Permission denied_ procmail: Program 
failure (75) of "/usr/sbin/cyrdeliver" )" I suspect this is because 
[cyr]deliver is executed as my user, instead of "root.mail" - as it 
should be, or any command could be run as root from "~/.procmailrc"

How do others get around this?

It occurred to me to make [cyr]deliver suid ... The problem I then see 
is that any user could deliver to any other user's mailbox - 
circumventing filtering, etc. Fundamentally, what I'd like is to 
authenticate to [cyr]deliver such that those users permitted to post to 
a mailbox (and root) could deliver messages to it ... Is this possible, 
or provably a bad idea?

Thanks,

Jack
-----------------------------
I had some problems like this with mail from non-root users. It turned
out
one of the directories in the path to the lmtp socket wasn't set r-x for
world which caused delivery to fail with permission denied when the user
attempting delivery wasn't root

Dave

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list