Hi Corinna,

Corinna Vinschen wrote:
> Hi Christian,
>
> On Nov 13 23:48, Christian Franke wrote:
>> I would like to contribute the Postfix Mail Transfer Agent.
>>
>> http://www.postfix.org/
>>
>> Download:
>> wget -e robots=off -np -nH --cut-dirs=1 -R'index.html*' -r \
>>   http://chrfranke.no-ip.org/cygwin/x86/release/postfix \
>>   http://chrfranke.no-ip.org/cygwin/x86_64/release/postfix
>>
>> Important: It requires cygwin 1.7.33-1 (or a recent 1.7.33-0.X test
>> release). It does not work with 1.7.32-1.
>>
>> For a first test try 'postfix-config --dryrun'. See the /etc/postfix/main.cf
>> sample for some more info.
>
> Packaging looks basically ok, but I see a few problems in
> postfix-config:
>
> - The script uses passwd -R without asking the admin. I'm not so sure
>   that's feasible. The admin should have a say in the matter.

I agree and will add a csih_request there.

>   Also, is
>   passwd -R really required? This is typically not necessary, unless you
>   potentially have to do stuff with native Windows tools (cron, sshd
>   session). Postfix doesn't seem to be a candidate for that.

For example the postsuper admin tool always drops root permissions by
setuid/gid() to $mail_owner ('postfix') before doing anything
interesting. (postfix never uses chown(), BTW).

Could this really be done without passwd -R or cyglsa?

>
> - The script still accesses /etc/group and /etc/passwd, but it should
>   not. For reading there's getent available for quite some time now.
>   Creating accounts in /etc/passwd and /etc/group should depend on the
>   Cygwin version.

/etc/passwd is not accessed.

Yes, the first group 0 check should be replaced by getent, yes.

The other /etc/group modifications were only added because csih lacks a
csih_create_local_group function.

>   I prepared a matching function for testing this in
>   csih, which looks like this:
>
>   # Routine: csih_use_file_etc passwd|group
>   # Check if /etc/passwd or /etc/group file is in use.
>   # On Cygwin versions < 1.7.33, files are always used.
>   # On Cygwin versions >= 1.7.33 it depends on /etc/nsswitch.conf.
>   ...
>   csih_use_file_etc()
>   {
>     ...
>   } # === End of csih_use_file_etc() === #
>   readonly -f csih_use_file_etc
>
>   Maybe you could just copy the method for now until I get my lazy
>   back to finish the work on csih?

OK.

If csih_use_file_etc returns false, all the script could do for now is
to refuse the creation of local users or groups.

The (files-only|non-domain|domain) complexity should be handled in csih,
IMO:

Something like:

  user=$(postconf -h mail_owner)

  # sets csih_cyg_user, csih_win_user, csih_user_exists
  csih_check_local_user_name "$user" || return 1

  if [ "$csih_cyg_user" != "$user" ]; then
    # In domain and $user has no prefix yet
    csih_inform ".... Some explanation ...."
    csih_request "Change mailowner from $user to $csih_cyg_user?" || return 1
    postconf -e "mail_owner=$csih_cyg_user"
  fi

  [ $csih_user_exists ] && return 0

  if [ "$csih_win_user" = "$csih_cyg_user" ]; then
    csih_request "Create user $csih_cyg_user" || return 1
  else
    csih_request "Create Windows user $csih_win_user\
 for Cygwin user $csih_cyg_user?" || return 1
  fi

  csih_create_unprivileged_user

>
> - I don't understand this one in create_postfix_accounts:
>
>     if /usr/bin/find / -maxdepth 0 -group "$setgid_group" >/dev/null 2>&1;
>     then
>     [...]
>
>   What are you looking for in /?

Nothing :-)

This fairly portable trick to check for group existence was inherited
from an older script. Should be replaced by getent, of course.

Thanks,
Christian