Re: setting proviledges in fqdnaliases

[Eugene Crosser <crosser@rol.ru>]

Followup to my own post:

On Wed, 2003-05-14 at 21:59, Eugene Crosser wrote:

> I am trying to get rid of .forward checking to eliminate extra NFS
> operations.  But I still need to do "pipe" delivery for some users.  I
> have a custom relation in fqdnaliases.cf that is almost completely
> modelled after fqdnaliasesldap.  If I make it return a
> "|/pipe/to/program" for some user, messages are not delivered with
> diagnostic "mail to program disallowed".  I guess that this has
> something to do with the line
> 
> 	nattr=$(newattribute $A privilege $nobodypriv)
> 
> (copied from fqdnaliasesldap portion).  I could not find any
> comprehensible documentation for the "attributes" thing, so maybe you
> could give some advice, how to either
> 
> A) make Zmailer accept pipe redirection address and just run the program
> with root uid (then I'll put a "/bin/su - joe -s /pipe/pgm" in the
> database),
> 
> or
> 
> B) Make Zmailer accept pipe redirection and run the program as user $uid
> that my lookup function would give.

Apparently a right(?) way to do it is the following:

-          nattr=$(newattribute $A privilege $nobodypriv)
+          priv=$(login2uid "$user")
+          nattr=$(newattribute $A privilege $priv)

provided that getpwnam() does the right thing on "user@domain" names. 
Mine does.

Eugene

-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi