Nathan Frankish wrote, on 04-07-2007 10:39:
[...]
Forgive my ignorance/unsureness, when you say that it needs the setuid
bit (I assume you mean the maildrop executable), doesn't that mean it
runs as the user that owns the file? Or does that mean it's allowed to
run and then change into the correct user? Or have I missed something
completely?
1009 [root:mercurius.intern] /usr/bin # l maildrop
-r-xr-xr-x 1 root mail 213851 Jun 16 08:34 maildrop
1010 [root:mercurius.intern] /usr/bin # cat /etc/resolv.conf |mail -s Test tearnshaw
1011 [root:mercurius.intern] /usr/bin # mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
9E0F5204772 378 Wed Jul 4 10:23:38 ro...@barlaeus.nl
(temporary failure. Command output: ERR: authdaemon: s_connect() failed:
Permission denied /usr/bin/maildrop: Temporary authentication failure.)
tear...@barlaeus.nl
1017 [root:mercurius.intern] /usr/bin # chmod 6555 maildrop
1018 [root:mercurius.intern] /usr/bin # l maildrop
-r-sr-sr-x 1 root mail 213851 Jun 16 08:34 maildrop
1020 [root:mercurius.intern] /usr/bin # postfix flush
1021 [root:mercurius.intern] /usr/bin # mailq
Mail queue is empty
1026 [root:mercurius.intern] /etc/authlib # grep '^[^#]' authldaprc|grep GLOB
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
HTH,
--Tonni