* The plural of "address" is "addresses". "-ii" is not how any word pluralizes in English.
* The way to monitor such a directory nowadays is with |kevent(EVFILT_VNODE)| or |inotify_*()|. * Long-known multi-user spool security precautions: /Always/ check the |d_type|; /always/ |fstatat()|/|fstat()| the spool file and check for |S_ISREG()|. * Long-known multi-user spool security precautions: Spool areas should be beneath a non-world-accessible parent directory, and the program that dumps into the spool should be set-group-ID to a group (or a /non-owner/ user) that has search access on the parent in order to reach the spool directory beneath. Not doing this is an error that was initially made in Postfix years ago, avoiding all set-ID programs without realizing that set-ID is a necessarymechanism for secure multi-user spooling when it is in this form. (See Bruce Guenter's bcron <http://untroubled.org/bcron/> for an example of an alternative way that multi-user spooling can be structured using a submission server and UCSPI-UNIX.) The spool-processing dæmon itself does not need to run under the aegis of this group, if it is simply started up already in its spool directory using |chdir| <http://jdebp.eu./Softwares/nosh/guide/commands/chdir.xml> (or cd <http://skarnet.org./software/execline/cd.html> or equivalent) in the |run| script. (This also means that it does not need to hardcode the location of its spool directory. Its spool directory is its working directory, where it works.) * Other security precautions: Dæmons such as this should /always/ |setuidgid| <http://jdebp.eu./Softwares/nosh/guide/commands/setuidgid.xml> away from the superuser in their |run| scripts to an account dedicated to the dæmon. (Compare the |run| script in Bruce Guenter's nullmailer <http://untroubled.org/nullmailer/>.) o Jonathan de Boyne Pollard (2019). "Limiting services: Running under the aegises of unprivileged user accounts <http://jdebp.eu./Softwares/nosh/guide/limiting-services.html#users>". /nosh Guide/. Softwares. o https://unix.stackexchange.com/questions/450251/ * Other spool-processing dæmon security measures: The dedicated user account has no need to own /anything/, neither the spooled files nor the spool directory itself. It needs only read+write+execute permission on the spool directory, and read permission on the spool files. Having ownership permission as well permits compromised dæmons to change ACLs and permissions. o Jonathan de Boyne Pollard (2019). "Log service security: Dedicated log user accounts <http://jdebp.eu./Softwares/nosh/guide/log-service-security.html#users>"./nosh Guide/. Softwares. * Debian family operating system conventions: That has not been the way to write a van Smoorenburg |rc| script for Debian family operating systems since 2014. o Petter Reinholdtsen (2014-02-09). init-d-script <https://manpages.debian.org/stretch/sysvinit-utils/init-d-script.5.en.html>. /File formats manual/. Debian. * C language standards: |stdout| is fully buffered if it is not an interactive device, which a pipe is indeed not. |stderr| is of course /not/ fully buffered. * Unix conventions: Logs go to standard error.
