9 messages in net.sourceforge.lists.courier-maildropRe: [maildropl] Maildrop and UID/GID ...
FromSent OnAttachments
Nathan FrankishJul 1, 2007 4:48 am 
moussJul 1, 2007 2:12 pm 
Nathan FrankishJul 1, 2007 6:35 pm 
Devin RubiaJul 3, 2007 7:01 am 
Tony EarnshawJul 4, 2007 1:32 am 
Nathan FrankishJul 4, 2007 1:45 am 
Tony EarnshawJul 4, 2007 1:51 am 
Sam VarshavchikJul 4, 2007 5:45 am 
Tony EarnshawJul 4, 2007 6:35 am 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [maildropl] Maildrop and UID/GID SettingsActions...
From:Sam Varshavchik (mrs@courier-mta.com)
Date:Jul 4, 2007 5:45:49 am
List:net.sourceforge.lists.courier-maildrop

Tony Earnshaw writes:

Devin Rubia skrev, on 03-07-2007 16:01:

[...]

[SNIP]

From main.C:

static int callback_authlib(struct authinfo *auth, void *void_arg) { [SNIP] setgroupid(auth->sysgroupid); [SNIP] setuid(u); [SNIP] }

Short answer: Yes, maildrop will change to the uid/gid specified by authlib. In fact, it depends on it and will EX_TEMPFAIL if it cannot setuid or cannot find the system user specified (setgid doesn't appear to be tested, though).

In practice this doesn't work without the setuid bit being on. As maildrop is delivered in the rpm (at any rate), the perms are 555; on my rigs maildrop will not change UID to my virtual user, vmail, without suid.

Or, unless maildrop gets invoked by root.

Generally, when you leave it up to maildrop to locate the recipient's mailbox, by supplying the -d option, you need to set up your mail server software to invoke maildrop as root. This is also needed, in the default configuration, for maildrop to be able to connect to authdaemon's socket.