On Mon, Jul 30, 2007, alexander benaguev <[EMAIL PROTECTED]> said: > umask wrote: >> May be Alexander Benaguev have examples of use cases. > I don't have examples, just logic: users can manage they scripts by > connecting to timsieved (it's part of dbmail), or they can do this from > shell by dbmail-sievecmd. 'cose second case is unlikely, you should > shutdown timsieved;)
Users should NEVER have access to dbmail-* commands. ALL of the commands potentially give access to ALL user data. They are designed to be run on closed servers where none of the users have shell access, or have limited shell access. That's why they're in /usr/sbin! You might write some wrappers around the commands and allow them to be called from management scripts, but be damned sure to check that you have a -u option, that the value is of the user issuing the command, and that you escape the arguments fully (as with all shell commands). As for sieve script permissions, there might be some interesting use cases for restricting user access to edit scripts, and I think it might fit in nicely with ideas for system scripts, group/client scripts, system-owned user scripts, etc. Let's work out some of the ideas on a wiki page: http://dbmail.org/dokuwiki/doku.php?id=sieve Aaron _______________________________________________ DBmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
