On 1999-01-04 at 22:25:08, Harald Hanche-Olsen wrote:
> At the very least, making qmail-queue setgid rather than setuid would
> require reworking all those permissions. (I am too tired and stressed
> out right now to check if it is even possible.)
Just BTW, I have written my former message assuming that qmail-queue's
setuidness is changed to setgidness (with appropriate queue
permissions), and nothing else, that makes for accountability, and
chargeability (if there's such a work]. I somehow missed that the
original proposal would be to limit qmail-queue's to be executed only by
a few selected programs. On the other hand, this latter solution seems
really awkward... For a well administered system, the former is
sufficient without a rethink-at-large.
Janos
