Josip Rodin writes:
On Mon, Jan 11, 2010 at 09:56:21PM -0500, Sam Varshavchik wrote:Christoph Anton Mitterer writes:On Sun, 2010-01-10 at 12:29 -0500, Sam Varshavchik wrote:This depends on the maildrop configuration, but generally setgroupid won't have any effect if maildrop is invoked as root, since maildrop will use the userid specified by the -d option to set its running group and userid anyway.Uhm... what does this mean? It definitely has root-group permissions.... (at least the Debian version) ;)If maildrop runs as root, maildrop can set its userid and groupid, maildrop drops root according to the userid and groupid that's specified by the -d option. The group id that maildrop gets invoked as, is irrelevant as long as the userid is root. The root uid is sufficient for any process to change its gid and uid. So, when maildrop is invoked by root, its group id, whether natural or if set by the setgroupid bit, has no effect.I think we all agree on that. What Christoph has found, and I have reproduced, is that it doesn't exactly turn out properly. Can you verify? Add a simple test user, put `id` in its .mailfilter, and see what output you get. This is with version 2.2.0.
# authtest mr...@courier-mta.com
Authentication succeeded.
Authenticated: mr...@courier-mta.com (uid 8, gid 12)
Home Directory: /var/spool/maildir/mrsam
Maildir: (none)
Quota: (none)
Encrypted Password:
Cleartext Password: (none)
Options: (none)
That's how I have my mailbox configured in courier-authlib. I get:
uid=8(mail) gid=12(mail) groups=12(mail)
pgpUJ8pBlH2yr.pgp
Description: PGP signature
