procmail

Re: modifying procmail source

1997-03-12 04:15:22
Paul Keller <pkeller(_at_)cisco(_dot_)com> writes:
> Any clue as to which portion of the procmail source I might change
> to ensure that inbox permissions are set to 660 instead of 600? If you
> turn off a .forward file which has previously used procmail, the inbox
> permissions are insufficient for /bin/rmail to write to it. I want
> to ensure that both local mailers set identical permissions.

My first suggestion is to make procmail the local mailer and forget about
/bin/rmail.

The next solution is the following: make procmail setgid to the group
that owns the spool directory, turn on the setgid bit and turn off the
'other' writable bit on the directory itself, then change the owner of
the spool directory to *not* be whomever procmail runs as.  If procmail
is setuid root, then the spool directory will need to be owned by
someone other than root (daemon?  bin?  something just for this
purpose?), otherwise the spool directory can be owned by root.  This is
kinda convoluted, but procmail will interpret it to mean that new mail
spools should be created with umask 660 (the code that does this was
actually designed to handle the case of procmail setgid mail, but not
setuid root).

If you insist on changing the code, then look at the top of the
screenmailbox() function in misc.c.  I would suggest still requiring
that the spool directory be mode 2775 (sgid on, not world writable)
and that procmail be setgid mail (or whatever group you're using),
and just remove the mismatch of uid condition from the previous
paragraph.  To do so, change the code that reads:

     if(uid!=stbuf.st_uid&&              /* we don't own the spool directory */
        (stbuf.st_mode&S_ISGID||!wwsdir))         /* it's not world writable */
      { if(stbuf.st_gid==egid)                   /* but we have setgid privs */
           doumask(GROUPW_UMASK);                  /* make it group-writable */
        goto keepgid;
      }

to instead read:

     if(stbuf.st_mode&S_ISGID||!(wwsdir&2))       /* it's not world writable */
      { if(stbuf.st_gid==egid)                   /* but we have setgid privs */
           doumask(GROUPW_UMASK);                  /* make it group-writable */
        goto keepgid;
      }


Note that procmail will never relax permissions on a mailbox that
already exists.  If you want to do that you'll have to chmod the file
yourself.

Philip Guenther
