I'm very confused about this. If the user has a shell account,
how can you possibly deny them write permission? I mean, it is
possible, but it sounds a bit counterintuitive to make their home
directory read-only.
Secondly, if they don't have a shell account, how would they be able
to edit their .qmail file as themselves (their uid and gid)?
-Tom
Russell Nelson wrote:
>
> Dmitry Niqiforoff writes:
> > Yesterday I found that any user is able to start any program on the
> > server with a .qmail file. This could be potentially dangerous, AFAIU.
>
> Only if you let users edit their own .qmail files. Don't. Deny them
> write permission in their home directory. If they need to upload
> html, give them write permission in public_html. If you really,
> *really* need to allow them to change their .qmail files, give them a
> "qmail" home directory, and have a root cron job which copies .qmail
> files from that directory into their home directory, editing out
> program deliveries on the way.
>
> --
> -russ nelson <[EMAIL PROTECTED]> http://russnelson.com
> Crynwr sells support for free software | PGPok | Government schools are so
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
> Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
--
+-------------------------------------------------------------------+
+ Thomas M. Sasala, Electrical Engineer [EMAIL PROTECTED] +
+ MRJ Technology Solutions http://www.mrj.com +
+ 10461 White Granite Drive, Suite 102 (W)(703)277-1714 +
+ Oakton, VA 22124 (F)(703)277-1702 +
+-------------------------------------------------------------------+
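
The root cron-job copy described in the quoted message, sketched as an added example (not part of the original thread and not code from qmail). It assumes a staging directory the user can write and a home directory they cannot; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: strip program deliveries while copying a user-edited .qmail.
# Function names and directory layout are hypothetical.

# Drop every line whose first non-blank character is '|', which is how a
# .qmail file marks a program delivery. Matching after leading blanks is a
# deliberately conservative choice. All other lines pass through unchanged.
filter_dotqmail() {
    sed '/^[[:space:]]*|/d'
}

# sync_dotqmail SRC DST: filter SRC into DST atomically. Meant to run as root.
sync_dotqmail() {
    src=$1
    dst=$2
    # The user controls SRC, so refuse symlinks and anything that is not a
    # regular file; otherwise root could be made to copy out the contents
    # of a file the user is not allowed to read.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "skipping $src: not a regular file" >&2
        return 1
    fi
    # Write next to DST and rename, so qmail-local never sees a half-written
    # file. DST's directory is not user-writable in this scheme.
    tmp=$(mktemp "$(dirname "$dst")/.qmail.tmp.XXXXXX") || return 1
    if filter_dotqmail < "$src" > "$tmp" &&
       chmod 644 "$tmp" &&
       mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

The symlink test and the read are separate steps, so a race remains; reading the staged file under the user's own uid closes it. Any .qmail-ext files the user may stage need the same filtering.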