Some mechanisms to deal with this problem are:

Create a directory in /var/run with appropriate perms
to allow all of a package's .pid's to be created there.
FreeBSD puts bind's pids in /var/run/named so it can
run as an untrusted user and have some place to put its
pid file.

The FreeBSD port of courier puts all the pids with the
locks in /var/spool/courier/tmp.

In general you don't want any directory where uid 0
programs are creating things to have write access by
any other uid than 0. Otherwise a cracked uid != 0
could create symlinks with interesting names, like
cron.pid, just waiting to overwrite some critical file
when cron is restarted.

> > That's not the problem. With most of the builds I do, /var/run is not
> > accessible by the user courier, only the user root. So in the past I have
> > made /var/run available to courier. But people I work with don't agree with
> > it, they wanted me to post the question, why are all the other courier
> > pids owned by root and courierfilter.pid is owned by courier.
> 
> Because the courierfilter process runs as the courier user, 
> hence the files it creates are owned by the courier user.
> 
> All other daemons run as root.
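
Added example, not part of the original message and not Courier's or FreeBSD's code: a check that a pid directory is writable only by its owner, and a pid-file writer that will not follow a planted symlink, shown beside a naive one. The function names, the file names critical.conf and cron.pid in a temporary directory, and pid 4242 are constructed for illustration.

```python
import os
import stat
import tempfile

def dir_is_exclusive(path, owner_uid=0):
    """True only if owner_uid owns path and no group/other write bit is set.
    Mode bits only; ACLs are not inspected."""
    st = os.stat(path)
    return st.st_uid == owner_uid and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)

def naive_write_pidfile(path, pid):
    # Follows a planted symlink and truncates whatever it points at.
    with open(path, "w") as f:
        f.write(f"{pid}\n")

def safe_write_pidfile(path, pid):
    # unlink() removes the link itself, never its target; O_EXCL then refuses
    # to open anything that reappears at the path, symlinks included.
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o644)
    with os.fdopen(fd, "w") as f:
        f.write(f"{pid}\n")

def demo():
    """Constructed scenario: cron.pid planted as a symlink to another file."""
    out = {}
    with tempfile.TemporaryDirectory() as run_dir:
        target = os.path.join(run_dir, "critical.conf")
        pidfile = os.path.join(run_dir, "cron.pid")
        for name, writer in (("naive", naive_write_pidfile), ("safe", safe_write_pidfile)):
            with open(target, "w") as f:
                f.write("important\n")
            if os.path.lexists(pidfile):
                os.unlink(pidfile)
            os.symlink(target, pidfile)
            writer(pidfile, 4242)
            with open(target) as f:
                out[name] = f.read()
        out["pidfile_is_link"] = os.path.islink(pidfile)
        out["dir_exclusive"] = dir_is_exclusive(run_dir, os.getuid())
        os.chmod(run_dir, 0o777)  # simulate a directory opened up to other uids
        out["dir_exclusive_after_chmod"] = dir_is_exclusive(run_dir, os.getuid())
    return out

if __name__ == "__main__":
    print(demo())
```

The safe writer limits the damage but does not replace the directory rule: with write access to the directory another uid can still delete or replace the pid file afterwards.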

