"Todd A. Jacobs" <[EMAIL PROTECTED]> wrote:
>In the web site at
>http://web.infoave.net/~dsill/lwq.html#install-daemontools,
>there's a point where one is directed to create a directory and chown
>qmaill. Part of the init.d script seems to rely on this step.
>
>My question is whether there is a security consideration, because qmaill
>is part of the nofiles group. Isn't security being compromised by allowing
>qmaill to own files?
Yes, there's "risk" associated with having log files belong to group
"nofiles": if someone breaks into qmaill or nofiles they can tamper
with your logs. Big deal. If that keeps you up at night, even if it's
fixed, you'll have many sleepless nights. It should be easy to create
another uid/gid to own the logs. I didn't do that in LWQ because I
didn't think it was worth the added complexity. Maybe I was wrong.
-Dave
