procmail

Re: eudora attachment problem:help!

2001-09-26 13:03:51
"David W. Tamkin" <dattier(_at_)ripco(_dot_)com> writes:
Suzana wrote,

| And another thing: I tried using the variable
| LOGFILE=/var/log/procmail/$LOGNAME in my procmailrc so that I can gather
| all the users' logs into one directory...but I found that procmail didn't
| create these logs when filtering emails, even though mails got filtered!
| When I changed it to LOGFILE=$HOME/log, it works and procmail writes the
| logs..but I don't want the logs to be separated in each user's home
| directory. How do I go about doing this??

As Fredrik and Philip have explained, it's surely a permissions problem on
/var/log/procmail/.  If your OS supports sticky directories, change the
perms of /var/log/procmail/ to 1777.  That way anyone can create a file in
there but users won't be able to delete each other's logfiles, only their
own.

Having such a log directory be world-writable without pre-creating all
logfiles creates possible security holes: if you don't pre-create the
files, users could create other people's log files, setting them mode 666
(or 611) and thereby capture the other user's log output.  Or they could
do _really_ evil things like symlink a new user's logfile to that user's
.rhosts or .cshrc or some other file.  Poof, a free security hole.

So, as long as you have to pre-create all the logfiles, why make the
directory world-writable at all?  Users shouldn't be creating other
files there, and they shouldn't be able to remove their logfile and
thereby re-open the security hole.  Might as well set the mode to 755
and be done with it.


Note that procmail is paranoid about compiled files and paths that are
accessed as part of a 'user context crossing'.  For example,
        procmail -d userb
will make procmail access all of the following:
        userb's mailspool
        userb's home directory
        userb's .procmailrc

userb can't turn any of those off, so procmail has to do the security
checking for the user.

For paths that the user specifies, such as with LOGFILE or INCLUDERC,
procmail gives you all the rope you need to either bungee-jump....or
hang yourself: it does not check whether you own the specified logfile,
or whether it's a real file and not a symlink.  There are valid reasons
for pointing LOGFILE at a symlink, or at a file owned by someone else.
It might usually be a bad idea, but you're the one who gave the path
to procmail, so it'll trust you.  Choose your (logfile) path wisely...


Philip Guenther
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
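
An added example, not part of the original message: a POSIX shell check an administrator could run over the shared log directory to catch the conditions described above (a writable directory, a symlinked logfile, a logfile created by someone other than its user). The function name audit_logdir is hypothetical, and it assumes each logfile is named after its owner, as with LOGFILE=/var/log/procmail/$LOGNAME.

```shell
#!/bin/sh
# Added example: audit a shared procmail log directory.
# Assumption: each logfile is named after its owner ($LOGNAME).
# Usage (as the administrator): audit_logdir /var/log/procmail

# Print one "PROBLEM<TAB>path" line per finding; return 1 if any were found.
audit_logdir() {
    dir=$1
    bad=0

    # The directory itself should not be group- or world-writable (mode 755).
    if [ -n "$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
        printf 'dir-writable\t%s\n' "$dir"; bad=1
    fi

    for f in "$dir"/*; do
        # Skip the unexpanded glob, but keep dangling symlinks.
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}

        # procmail does not check LOGFILE for symlinks, so flag them here.
        if [ -L "$f" ]; then
            printf 'symlink\t%s\n' "$f"; bad=1; continue
        fi
        if [ ! -f "$f" ]; then
            printf 'not-regular\t%s\n' "$f"; bad=1; continue
        fi

        # A logfile owned by anyone but its user was created by someone else.
        owner=$(ls -ld "$f" | awk '{print $3}')
        if [ "$owner" != "$name" ]; then
            printf 'wrong-owner(%s)\t%s\n' "$owner" "$f"; bad=1
        fi
        # Group- or world-writable logfiles can be tampered with by others.
        if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
            printf 'file-writable\t%s\n' "$f"; bad=1
        fi
    done
    return "$bad"
}
```
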
