On Sun, 14 Mar 1999, Mate Wierdl wrote:
> What mean things can happen if a user pipes the message to a command?
> They can always do it using the shell anyways. The shell started in
> .qmail is run by the user...
You see, the server I am administrating does not allow shellaccess for
users, just POP3 and FTP (to put up webpages).
Of course the shell started by qmail-local to spawn commands specified in
dot-qmail files is run by the user itself. One of the main reasons for me
using Qmail is security.. :-)
Well, I just patched qmail-local.c to look in /var/qmail/control/staffusers for
usernames and match the UID of the user against the UID that owns the dot-qmail
file, so it's not a problem anymore for me. But I'm still interesting in
if there is some standard way of accomplishing this.
If there isn't, and someone has the same problem, just mail me for the patch.
> Mate
/ Joel Eriksson
