On 02/08/03 08:39 AM, Professional Software Engineering sat at the `puter and
typed:
At 08:08 2003-02-08 -0500, Louis LeBlanc did say:
Unfortunately, procmail is running as root.
procmail should not be running as root by the time it reaches their
~/.procmailrc. If it is, you have something configured terribly wrong, or
you're invoking it directly via an MTA alias, not as LDA.
I am calling procmail from the MTA. I am also setting DROPPRIVS=yes,
DROPPRIVS is meaningless if the user it is delivering as _is_ root (or
whoever the MTA invokes the PROG mailer as). Procmail has no _user_ to
drop down to. When procmail is invoked with -m, it isn't running
/etc/procmailrc (where DROPPRIVS tends to be used), and never "elevates"
its privileges to have any to DROP.
But I am running procmail with -m. It is invoked as follows from
sendmail.cf:
    procmail -Y -m /etc/procmailrc $u $h
And the /etc/procmailrc file is used. It must be, otherwise all the
changes I've been making to it over the last several years wouldn't
have modified behavior.
If you're invoking an rcfile from an alias, I'd consider using
/etc/procmailrcs/ as a startpoint - own the stub file there by the user you
want procmail to run as (see 'man procmailrc' which defines that directory
to have special meaning to procmail), and have THAT rcfile INCLUDERC the
${HOME}/.procmailrc of the user. I haven't personally had a need to do
this, but if I were attempting to invoke procmail from an MTA alias on
behalf of a specific user, this is how I'd go about it.
I'm afraid I'm feeling a little slow here. If I understand this
correctly, /etc/procmailrc should be owned by root, moved to
/usr/local/etc/procmailrcs/procmailrc, and should then INCLUDERC a
file (like ~/.procmailrc) owned by the user I want it to switch to.
And of course, the sendmail invocation should be more like
    procmail -Y -m /usr/local/etc/procmailrcs/procmailrc $u $h
Yes?
(the -d option to procmail should also be of interest to you, but since you
haven't provided _ANY_ details on how you're invoking procmail, what your
OS is, and the version of procmail for that matter, it's probably a bit
premature for me to offer up specific commandline arguments).
I read that section:
    -d recipient ...
        This turns on explicit delivery mode, delivery will
        be to the local user recipient. This, of course,
        only is possible if procmail has root privileges (or
        if procmail is already running with the recipient's
        euid and egid). Procmail will setuid to the intended
        recipients and delivers the mail as if it were
        invoked by the recipient with no arguments (i.e., if
        no rcfile is found, delivery is like ordinary mail).
        This option is incompatible with -p.
The question is whether this would hose the delivery that actually
happens at the end of the system wide procmailrc (currently
/etc/procmailrc)? I guess I'll find out.
Oh, and my OS is FreeBSD 4.6 RELEASE, my MTA is sendmail, MDA is Cyrus
Imap (and procmail, of course), and my MUA is Mutt. Procmail version
is procmail-3.22_1 installed from the ports.
BTW, as much as I used to like using procmail-users(_at_)procmail(_dot_)org,
and as much as it *SHOULD* point to the correct address on the real list
server - esp. since the procmail.org address is what is listed in the
procmail help - it hasn't worked in _months_, so you should revise your
Reply-to: (as I did long ago) if you hope to receive many replies.
Ahh! Will do. Thanks!
Thank you very much for the pointers. I'll try them out and post
feedback here.
Lou
--
Louis LeBlanc leblanc(_at_)keyslapper(_dot_)org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
Boling's postulate:
If you're feeling good, don't worry. You'll get over it.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
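
Added example, not part of the original message or of procmail itself: a shell check for the /etc/procmailrcs/ arrangement suggested in the thread, where the owner of the stub rcfile decides which user the filtering runs as. The function names are hypothetical, and the directory is passed as an argument (default assumed to be /etc/procmailrcs).

```shell
#!/bin/sh
# Audit stub rcfiles in a procmailrcs directory (added example).
# Assumption: the owner of each file is the identity procmail -m takes on,
# so a uid 0 owner means filtering still runs as root.

# rc_owner_uid FILE: print the numeric owner uid (parsed from ls -ln).
rc_owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# rc_mode_loose FILE: succeed if group or other may write FILE.
rc_mode_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_rcfile FILE: print a verdict; return 0 if clean, 1 if flagged.
audit_rcfile() {
    f=$1
    uid=$(rc_owner_uid "$f") || return 2
    rc=0
    if [ "$uid" -eq 0 ]; then
        echo "WARN $f: owned by uid 0, filtering would stay root"
        rc=1
    fi
    # Whoever can edit the rcfile controls what runs as its owner.
    if rc_mode_loose "$f"; then
        echo "WARN $f: writable by group or other"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $f: owner uid $uid"
    fi
    return "$rc"
}

# audit_dir [DIR]: audit every regular file in DIR; fail if any is flagged.
audit_dir() {
    dir=${1:-/etc/procmailrcs}
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        audit_rcfile "$f" || bad=$((bad + 1))
    done
    echo "$bad rcfile(s) need attention in $dir"
    [ "$bad" -eq 0 ]
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_dir "$1"; fi
```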