[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Zmailer as non-root uid

> 	Hi guys!
> 	What do you think about running Zmailer as non-root account?
> IMHO only mailmox TA needed to be root suid.

	Yes, doable with certain limitations:
	- Router must not try to access people's  .forward  files
	- No pipes shall be run under 'mailbox'
	- All userids in the system shall be the same

	Oh yes, setting 'mailbox' to be suid-root is *not* recommended!
	In fact I think you can break your system security badly if you
	do it!  After all, it is not written to be run as 'suid-root',
	just 'run by root'.   (It could be turned suidable, but I don't
	trust myself to do good work at it, so I won't try it.  One of
	the basic ideas in ZMailer is not to need suid-anything programs.)

> --
> 	CU, Victor Gamov

/Matti Aarnio <mea@nic.funet.fi>