Philip Guenther <guenther(_at_)gac(_dot_)edu> writes:
Procmail's operation runs something like this:
Parse command line flags (-d, -p, -f, -m, etc)
Clean up the environment
Figure out whether the invoking user is 'trusted'
Set up signals and file descriptors
Handle the "From " line
Read in the entire message
If in the delivery mode, fork for each user (one at a time)
At or before this point it also does:
Check mailbox ownership and rename it to BOGUSxxx if it's wrong
Become the correct user
Set ORGMAIL, HOME, DEFAULT; set the umask
if not mailfilter mode, screen $ORGMAIL (check for links, permissions)
Handle command line assignments; set up $1, $2, etc
LOOP: {
    Open an rcfile
    LOOP: {
        process a line
    } while there are lines
} while there are rcfiles left.
if we haven't delivered the message yet {
    save to $DEFAULT
    if that failed, save to $ORGMAIL
}
process TRAP
if EXITCODE is set, exit with the specified value
if we failed to deliver the message, exit with EX_CANTCREAT
else exit with EXIT_SUCCESS
That step probably wasn't important for the discussion you
were involved in, but it does represent an item that makes
procmail problematic at my site.
Procmail checks mailbox ownership and renames the mailbox
before it becomes the unprivileged user. That's correct
when the mailbox is in a common mail directory (i.e. /var/mail),
but it has problems when mailboxes are in home directories.
When mailboxes are in home directories, procmail is doing the
check and rename while it's still running with root permissions.
If the user's home directory is incorrect in the /etc/passwd
file, procmail will rename the wrong mailbox and put the mail
message into the wrong home directory. In my case, some users
were created with "/" as their home directory, and procmail
stuffed their mail into the root directory.
To a large extent, this isn't procmail's problem. The /etc/passwd
file should be corrected. Still, I wish procmail could, when
compiled with HOMEDIRMAIL, either perform the checks after becoming
the user (so directory permissions could prevent mis-delivered mail),
or bail out of the delivery when the home directory isn't owned by
the user.
-Greg
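
The second option raised above (bail out of delivery when the home directory isn't owned by the user), sketched as an added example; this is not procmail source code, and `open_verified_home` and the sample directory are hypothetical names constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not a procmail function): open the home directory
 * recorded for a user and refuse it unless it is a real directory owned by
 * that uid. Returns a directory fd, or -1 when delivery should bail out. */
int open_verified_home(const char *home, uid_t uid)
{
    struct stat st;
    /* O_NOFOLLOW: a symlink planted as the home path is rejected.
     * O_DIRECTORY: a regular file is rejected. */
    int fd = open(home, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the path, so the object that was checked
     * is the same object later used for delivery. */
    if (fstat(fd, &st) != 0 || st.st_uid != uid) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char tmpl[] = "/tmp/homecheck.XXXXXX";  /* constructed sample home */
    uid_t me = geteuid();
    int fd;

    if (mkdtemp(tmpl) == NULL)
        return 1;
    fd = open_verified_home(tmpl, me);
    printf("own home:      %s\n", fd >= 0 ? "deliver" : "bail out");
    if (fd >= 0)
        close(fd);
    /* Same directory listed as the home of a different uid, which is the
     * situation of a passwd entry pointing at "/" or someone else's home. */
    fd = open_verified_home(tmpl, me + 1);
    printf("foreign home:  %s\n", fd >= 0 ? "deliver" : "bail out");
    if (fd >= 0)
        close(fd);
    rmdir(tmpl);
    return 0;
}
```

A caller running with root permissions would perform the mailbox check and rename relative to the returned descriptor (for example with `openat`), so a passwd entry whose home is "/" fails the ownership test before anything is renamed or written.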