Aaron Stone wrote:
I'd like to propose that for > 2.0, we have a system like mysql does for access control to the database. Especially if we are moving the tools to man.8, it might also make sense to setuid them, make the config file root read-only, and then use privilege flags in the database to determine if the user running the particular dbmail-* program has rights to view or modify the database in an administrative way.
In Debian, dbmail-smtp is already setuid 'dbmail' and the config file is owned by dbmail:dbmail, mode 640. That way anyone can inject messages but only privileged users can manage users or access the data.
Anyone running dbmail with dbmail.conf o+r needs a proper spanking.

--
Paul Stevens                      mailto:[EMAIL PROTECTED]
NET FACILITIES GROUP              PGP: finger [EMAIL PROTECTED]
The Netherlands                   http://www.nfg.nl
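One way to check a host against the layout described in the reply above (config file owned by dbmail:dbmail at mode 640, delivery binary setuid to that user). This is an added example, not part of the thread and not dbmail or Debian code; the function names, their arguments and the paths passed to them are assumptions.

```shell
#!/bin/sh
# Added example: audit the ownership/mode layout described in the message above.
# Function names, arguments and any paths passed in are assumptions, not dbmail's.

# audit_conf FILE OWNER GROUP
# Passes only if FILE belongs to OWNER:GROUP and carries no permission bit
# beyond mode 640 (rw- r-- ---). Prints one line per finding.
audit_conf() {
    conf=$1; owner=$2; group=$3; rc=0
    if [ ! -f "$conf" ]; then echo "MISSING $conf"; return 2; fi
    if [ -z "$(find "$conf" -prune -user "$owner")" ]; then
        echo "FAIL $conf: owner is not $owner"; rc=1
    fi
    if [ -z "$(find "$conf" -prune -group "$group")" ]; then
        echo "FAIL $conf: group is not $group"; rc=1
    fi
    # Bits outside 640: u+x, g+w, g+x, o+r, o+w, o+x. 004 is the o+r case.
    for bit in 100 020 010 004 002 001; do
        if [ -n "$(find "$conf" -prune -perm "-$bit")" ]; then
            echo "FAIL $conf: permission bit $bit is set"; rc=1
        fi
    done
    return "$rc"
}

# audit_setuid FILE OWNER
# Passes only if FILE is setuid to OWNER and not writable by group or other,
# since anyone who can rewrite a setuid binary inherits its identity.
audit_setuid() {
    bin=$1; owner=$2; rc=0
    if [ ! -f "$bin" ]; then echo "MISSING $bin"; return 2; fi
    if [ ! -u "$bin" ]; then echo "FAIL $bin: setuid bit not set"; rc=1; fi
    if [ -z "$(find "$bin" -prune -user "$owner")" ]; then
        echo "FAIL $bin: owner is not $owner"; rc=1
    fi
    for bit in 020 002; do
        if [ -n "$(find "$bin" -prune -perm "-$bit")" ]; then
            echo "FAIL $bin: permission bit $bit is set"; rc=1
        fi
    done
    return "$rc"
}

# Usage (paths are placeholders for wherever the distribution installs them):
#   audit_conf   /path/to/dbmail.conf dbmail dbmail
#   audit_setuid /path/to/dbmail-smtp dbmail
```

Both functions return 0 when the file matches the layout, 1 when any finding is printed, and 2 when the file is missing, so they can gate a packaging or configuration-management run.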