On Apr 12, 2005, at 12:34 AM, Finn Smith wrote:
I am currently using a .qmail-<user> file in a domain directory to pipe the contents of a message into a script on my server for local processing. Is there any way to control under which uid/gid this script executes? The reason being that it needs write access to a protected file on the system which is not accessible to my vpopmail user.

Not really. The programs in a .qmail file are executed with the same ownership as the emailbox.

You could set the suid-bit on the program called in the .qmail-user file so that the program (or script) runs as the user you want, but you'll also want to make sure that the program/script can only be executed by the vpopmail user (more likely, the vchkpw group) and doesn't open up any security problems.

An example of a security problem would be if a user on your system has enough control over their .qmail file to add this program/script, possibly altering its parameters in a way that would behave in ways you don't want it to.

QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: sniffter.com

Reply via email to