[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Zmailer as non-root uid
> Hi guys!
>
> What do you think about running Zmailer as non-root account?
> IMHO only mailmox TA needed to be root suid.
Yes, doable with certain limitations:
- Router must not try to access people's .forward files
- No pipes shall be run under 'mailbox'
- All userids in the system shall be the same
Oh yes, setting 'mailbox' to be suid-root is *not* recommended!
In fact I think you can break your system security badly if you
do it! After all, it is not written to be run as 'suid-root',
just 'run by root'. (It could be turned suidable, but I don't
trust myself to do good work at it, so I won't try it. One of
the basic ideas in ZMailer is not to need suid-anything programs.)
> --
> CU, Victor Gamov
/Matti Aarnio <mea@nic.funet.fi>