Sam Varshavchik <mrs...@courier-mta.com> writes:

Sam,

the other thing is the group permissions.

Maildrop (setuid or run as root, in delivery mode) will set the primary group ID, drop supplementary group IDs and finally will set the user ID. This is no different from Postfix's local(8) delivery service that David is also using: it, too, will strip supplementary group IDs, hence tricks with group writable logs won't work here, at least not for systems that put each user in their own group.

OTOH, giving users write permissions for logs may not be a good plan either.

I can see two solutions without knowing off-hand if maildrop implements either already:

1. offer to run a separate (and possibly restricted) configuration file BEFORE dropping privileges when setuid-root

2. offer to log into a command instead of a file. That might then be setgid and be as simple as a read and a write.

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95