Jason Keltz wrote:
> By default, appendfile will not deliver if the path name for the file is
> that of a symbolic link. Setting the allow_symlink option relaxes that
> constraint. Is there any way that I can get middle ground by enabling
> "allow_symlink", but only allowing symlinks that are owned by say,
> root/exim? I don't want a user to be able to delete my symlink of
> /var/mail/USER to /real/path/of/var/mail.
>
> Jason.
>
As it is the path - not the file at the end of it - you wish to deny user modification of, I'm not sure what *n*x perms cannot already protect.

That said, I don't see what the advantage is of using a symlink in the first place. Userland need not have 'visibility' of the whole dirtree, let alone perms to modify it - only the Maildir or Mbox at the end of it. The POP/IMAP needs the whole shebang (as Exim does), but need not expose it to the user.

That said, none of our shell accounts have mail, and all of our mail accounts, paths, privs, and mailstore are 'virtual' - even the postmaster@, so my practice may not fit your environment.

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
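
The point in the reply above, that the directory's permissions decide who can delete or replace a symlink, can be checked with a short audit. This is an added example, not code from the thread or from Exim; the function names, the `USER` link and the temporary spool directory are constructed for illustration, and the set of trusted uids is an assumption you would replace with root/exim on a real host.

```python
import os
import stat
import tempfile

def audit_spool_symlinks(spool_dir, trusted_uids):
    """Return (path, problem) pairs for symlinks an untrusted user could replace."""
    findings = []
    d = os.stat(spool_dir)
    if d.st_uid not in trusted_uids:
        findings.append((spool_dir, "directory owner not trusted"))
    # Deleting or renaming an entry needs write access to the directory,
    # not to the entry itself.
    open_to_others = bool(d.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    sticky = bool(d.st_mode & stat.S_ISVTX)
    for entry in os.scandir(spool_dir):
        if not entry.is_symlink():
            continue
        link = os.lstat(entry.path)  # lstat inspects the link, not its target
        if link.st_uid not in trusted_uids:
            findings.append((entry.path, "symlink owner not trusted"))
        if open_to_others and not sticky:
            # Without the sticky bit, anyone who can write the directory
            # can unlink the entry and create their own in its place.
            findings.append((entry.path, "directory lets non-owners replace the link"))
    return findings

def demo():
    """Constructed spool in a temp dir; returns the problems found per case."""
    me = os.getuid()  # stands in for the trusted root/exim uid
    results = {}
    with tempfile.TemporaryDirectory() as spool:
        real = os.path.join(spool, "real-mailbox")  # constructed target file
        open(real, "w").close()
        os.symlink(real, os.path.join(spool, "USER"))
        for mode in (0o755, 0o777, 0o1777):
            os.chmod(spool, mode)
            results[mode] = [p for _, p in audit_spool_symlinks(spool, {me})]
        os.chmod(spool, 0o755)
        # Same tree, but the owning uid is no longer in the trusted set.
        results["untrusted"] = [p for _, p in audit_spool_symlinks(spool, {me + 1})]
    return results

if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, problems)
```
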
