On Mon, Aug 29, 2005 at 08:42:38PM +0200, Jarry wrote If you have a problem with users having access to certain email, then don't let them access that email at all. That is the only way.
> Neil Bothwick wrote: > > Q: How can I prohibit users from changing mail-path in their > $HOME/.procmailrc back to $HOME/.maildir? That way they could > circumvent my /var userqouta settings (100MB) and use /home > settings (5GB)... I believe that procmail is paranoid about any .procmailrc not having "correct" ownership and permissions. So if you chown it to root, procmail may ignore it when processing email for the user. You might want to look at setting up .procmailrc "properly" in the user's name, and then "chattr +i" on it. That should lock it down. Having said that... what's to prevent a user from saving copies of his email to a directory in his own account? I repeat what I said at the start of this message... if you have a problem with users having access to certain email, then don't let them access that email at all. That is the only way. -- Walter Dnes <[EMAIL PROTECTED]> My musings on technology and security at http://tech_sec.blog.ca -- gentoo-user@gentoo.org mailing list
