
running transport agents with reduced privileges



On the principle that processes shouldn't run with root privileges
whenever possible I have tried setting the "user=zmailer" for
various transport agents (most notably "smtp").  This works fine
much of the time, but if the transport requeues the message
(such as due to an error), then the file in the transports/
directory will be owned by that process's UID, with mode 0460.
Then, if the same process is invoked to handle the new message it
will thrash in trying to open the file for writing (to annotate
its lock), because the owner does not have write permission.

To pick one line out of thousands that say the same thing in
the scheduler log when this happens (until I notice the problem
and chown the transports file or change the user= to root in the
scheduler.conf file):

19960506150331 DBGdiag: # smtpclient:17470: Cannot open control file "148105-25053" from "/var/spool/postoffice/transport" for "smtp/cclink.aus.etn.com" as uid 24! (m)



Of the several ways I've considered for fixing this, my current
favorite is to give the transport files mode 0660, *provided
that the UID is in the trusted list*.  If the UID is not
one of the "trusted" UIDs, then the current 0460 mode is
appropriate.

What do others think?  Or am I missing something that already
exists that would make my problem go away?

		--Ken Pizzini

P.S. I don't think it's relevant, but:
 OS: Solaris 2.4, Solaris 2.5, SunOS 4.1.3_U1
 zmailer versions: 2.99.14, 2.99.16, 2.99.26
 (I thought I tried 2.99.27, but the machine that I did
 the test on was misinstalled as 2.99.26.  Apologies if
 this was fixed already in 2.99.27.)
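
Added example, not part of the original message and not ZMailer's code: a model of the POSIX permission-class rule behind the failure described above (an owner who matches the file's UID is judged by the owner bits only, so mode 0460 denies the owner write access even though the group bits would allow it), together with the proposed trusted-UID mode choice. UID 24 comes from the log line; the GID, the trusted list and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Constructed sample data: uid 24 is from the log line, the rest is assumed. */
static const uid_t TRUSTED[]    = {0, 24};  /* hypothetical trusted-UID list */
static const gid_t AGENT_GIDS[] = {24};     /* assumed group of the agent */

/* POSIX consults exactly one permission class: owner, else group, else other.
 * A process that owns the file never falls through to the group bits. */
bool may_write(mode_t mode, uid_t f_uid, gid_t f_gid,
               uid_t p_uid, const gid_t *p_gids, size_t n_gids)
{
    if (p_uid == 0)
        return true;                         /* superuser bypasses mode bits */
    if (p_uid == f_uid)
        return (mode & S_IWUSR) != 0;        /* owner class only */
    for (size_t i = 0; i < n_gids; i++)
        if (p_gids[i] == f_gid)
            return (mode & S_IWGRP) != 0;    /* group class only */
    return (mode & S_IWOTH) != 0;
}

/* The proposal: 0660 when the requeuing UID is trusted, otherwise keep 0460. */
mode_t requeue_mode(uid_t uid, const uid_t *trusted, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (trusted[i] == uid)
            return 0660;
    return 0460;
}

int main(void)
{
    /* File requeued by uid 24 with the current mode: owner cannot reopen it. */
    printf("0460 owned by uid 24, opened by uid 24: %s\n",
           may_write(0460, 24, 24, 24, AGENT_GIDS, 1) ? "ok" : "denied");
    /* Same mode but root-owned: uid 24 gets in through the group bits. */
    printf("0460 owned by root, opened by uid 24:   %s\n",
           may_write(0460, 0, 24, 24, AGENT_GIDS, 1) ? "ok" : "denied");
    /* With the proposed policy the trusted uid gets 0660 and can reopen. */
    mode_t m = requeue_mode(24, TRUSTED, 2);
    printf("proposed mode %04o, opened by uid 24:    %s\n", (unsigned)m,
           may_write(m, 24, 24, 24, AGENT_GIDS, 1) ? "ok" : "denied");
    return 0;
}
```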