"Christopher D. Clausen" <[EMAIL PROTECTED]> writes:

> Michael Olson <[EMAIL PROTECTED]> wrote:
>>
>> This I'm not very happy about. Is there some way for the server to
>> call procmail with some "subset" of the user's token and the mail
>> delivery token, so that one user could not write to another user's
>> mail directory?
>
> Well, is it possible to chroot to a particular user's mail volume on
> delivery? That should be sufficient to prevent users from messing with
> others' volumes, provided that we don't grant the users "a" rights on
> their mail volumes. (Users need "a" and "i" to create mount points.)

That would solve the problem, I think. I could easily write a wrapper
around procmail to do this for us.

For my own reference:

In /etc/exim4/conf.d/transport/30_exim4-config_procmail_pipe, change:

  command = "/usr/bin/procmail"

to:

  command = "/usr/local/bin/chroot-procmail $local_part"

And in the new file chroot-procmail:

  #!/bin/sh
  # Chroot into the mail volume named by $1 (exim's $local_part) and run
  # procmail there. Note that /usr/bin/procmail is resolved inside the
  # new root, not on the host filesystem.
  exec chroot "$1" /usr/bin/procmail

>> Though come to think of it, the same problem probably exists (if I
>> understand it correctly) on normal procmail installations as well, so
>> we wouldn't actually be taking a step backwards. Still, it's a
>> concern.
>
> Procmail is probably set up to run as the current user when mail is
> delivered. This changes the access rights to that user's. With AFS,
> changing uid would have no effect on changing procmail's access rights
> in AFS.

Yes, I was mistaken -- exim actually changes to the UID of the user at
the router level (because of the check_local_user directive in the
procmail stanza) before calling procmail. Sorry for the false alarm.

>> The problem NFS would solve is making email available to the other
>> machines, without delivering all mail to another machine. I didn't
>> realize that our AFS volume was hosted on deleuze -- that addresses my
>> concerns and obviates the need for a separate NFS volume.
>
> NFS would not allow me to directly read my Maildir from my laptop. AFS
> would. I realize that secure IMAP or POP would work just as well, but
> that requires additional local storage.

I suppose that would be an interesting possibility. I'm not sure how
well it compares to just using secure IMAP, which is what we mostly do
here.

-- 
Michael Olson -- FSF Associate Member #652 -- http://www.mwolson.org/
Interests: Emacs Lisp, text markup, protocols -- Jabber: mwolson_at_hcoop.net
 /` |\ | | | Projects: Emacs, Muse, ERC, EMMS, Planner, ErBot, DVC
|_] | \| |_| Reclaim your digital rights by eliminating DRM.
            See http://www.defectivebydesign.org/what_is_drm for details.
_______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
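An added example, not code from the thread or from HCoop: a fuller version of the chroot-procmail wrapper sketched in Michael's message. It refuses to use the local part as a path component unless it has a conservative account-name shape (check_local_user already requires a real account, but the wrapper should not trust its argument as a directory name), resolves the volume under an assumed base directory MAIL_VOLUME_BASE (the default /afs/hcoop.net/mail and the per-user layout are assumptions; the thread does not give the real AFS path), and exits with sysexits codes that exim's pipe transport distinguishes (67 EX_NOUSER bounces, 75 EX_TEMPFAIL is retried by default). The helper names validate_local_part and volume_for are mine. Two caveats the thread does not spell out: chroot(2) needs root privilege (CAP_SYS_CHROOT), so the wrapper cannot run as the delivery user that check_local_user sets; and chroot resolves /usr/bin/procmail inside the new root, so the volume must contain a procmail binary and the user's .procmailrc.

```shell
#!/bin/sh
# chroot-procmail: added example wrapper, not the script from the thread.
# Invoked from exim's procmail_pipe transport as:
#   command = "/usr/local/bin/chroot-procmail $local_part"
#
# Assumption: each user's mail volume is mounted at $MAIL_VOLUME_BASE/<user>.
# The real HCoop AFS path is not given in the thread; override via environment.
MAIL_VOLUME_BASE="${MAIL_VOLUME_BASE:-/afs/hcoop.net/mail}"

# validate_local_part NAME
# Accepts only a conservative account-name shape: lowercase letters, digits,
# '.', '_' and '-', not empty, not starting with '.', and never containing '/'
# or '..'. Prints NAME on success; prints nothing and returns 1 otherwise.
validate_local_part() {
    case "$1" in
        '' | .* | */* | *..*) return 1 ;;
        *[!a-z0-9._-]*)       return 1 ;;
    esac
    printf '%s\n' "$1"
}

# volume_for NAME
# Prints the chroot target for a validated NAME, or returns 1 if NAME is
# rejected by validate_local_part.
volume_for() {
    name=$(validate_local_part "$1") || return 1
    printf '%s/%s\n' "$MAIL_VOLUME_BASE" "$name"
}

# Delivery entry point. Only runs when a local part was given on the command
# line, so the functions above can also be sourced and exercised on their own.
if [ $# -ge 1 ]; then
    root=$(volume_for "$1") || {
        echo "chroot-procmail: refusing local part '$1'" >&2
        exit 67   # EX_NOUSER: exim treats this as a permanent failure
    }
    if [ ! -d "$root" ]; then
        echo "chroot-procmail: $root is not a directory" >&2
        exit 75   # EX_TEMPFAIL: exim's pipe transport defers and retries
    fi
    # chroot(2) needs root privilege, and /usr/bin/procmail is looked up
    # inside $root, so the volume must carry a procmail binary (a static
    # build is simplest) and the user's .procmailrc.
    exec chroot "$root" /usr/bin/procmail
fi
```

The validation is deliberately stricter than what a Unix account name may legally contain; if the site has users with uppercase or other characters in their login names, widen the second case pattern rather than dropping the '/' and '..' checks, which are the ones that keep a hostile local part from selecting an arbitrary chroot target.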
