[cyr]deliver, executed as <user>, should have <user>'s permissions
David.Addison at infineon.com
David.Addison at infineon.com
Thu Apr 15 08:52:59 EDT 2004
-----Original Message-----
Trying to do mail filtering to cyrus imapd using procmail instead of
sieve. I'm putting "| [cyr]deliver -m blah-folder" into my
"~/.procmailrc", instead of the global "/etc/procmailrc"; this fails:
"couldn't connect to lmtpd: Permission denied_ procmail: Program
failure (75) of "/usr/sbin/cyrdeliver" )" I suspect this is because
[cyr]deliver is executed as my user, instead of "root.mail" - as it
should be, or any command could be run as root from "~/.procmailrc"
How do others get around this?
It occurred to me to make [cyr]deliver suid ... The problem I then see
is that any user could deliver to any other user's mailbox -
circumventing filtering, etc. Fundamentally, what I'd like is to
authenticate to [cyr]deliver such that those users permitted to post to
a mailbox (and root) could deliver messages to it ... Is this possible,
or provably a bad idea?
Thanks,
Jack
-----------------------------
I had some problems like this with mail from non-root users. It turned
out
one of the directories in the path to the lmtp socket wasn't set r-x for
world which caused delivery to fail with permission denied when the user
attempting delivery wasn't root
Dave
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list