[bug#41763] services: opensmtpd: Fix the setgid problem for the smtpctl
From: Christopher Baines
Subject: [bug#41763] services: opensmtpd: Fix the setgid problem for the smtpctl utility.
Date: Thu, 11 Jun 2020 20:20:06 +0100
User-agent: mu4e 1.2.0; emacs 26.3
maxim.cournoyer@gmail.com writes:
> The following patches provide a means to specify a user and group for a
> setuid program, and use that to fix a setgid permission issue in the
> context of the opensmtpd service.
>
> Christopher, you should be able to leverage this new facility to
> configure the uid/gid of the sendmail program to that of the smtpq user,
> like this:
>
> --8<---------------cut here---------------start------------->8---
> (operating-system)
> [...]
> (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail")
> "smtpq")
> %setuid-programs))
> --8<---------------cut here---------------end--------------->8---
>
> The smtpq user is created as part of the OpenSMTPD service definition.
>
> Thank you,
>
>
> Maxim
Well, thank you for looking into this Maxim. I've had a brief look
through the patches, although I don't know enough about this area to
comment properly on them.

I wonder if it's worth using a record type to make it possible to pass
the user and group values to the service. That would probably result in
more readable configuration than just using a list of varying length.

Specifically on the diff:
- (list #$@programs))))))
+ (quote (#$@programs)))))))
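Review bot: on the + line, (quote (#$@programs)) turns every spliced entry into literal data, so an entry that is an expression rather than a string reaches the setuid activation code as an unevaluated list instead of a file name. If the quote is there so that a (program user) entry such as the one in the quoted example is not read as a procedure call, consider keeping (list #$@programs) and splicing each multi-element entry as its own (list ...) form, so that sub-expressions are still evaluated. Checking that each program element is a string before setuid/setgid bits are applied would also make a malformed entry fail loudly.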
This change here will mean that you can't pass some values in, as they
won't be evaluated. #~(string-append sendmail "/usr/sbin/sendmail")
would no longer work for example.

Thanks again,

Chris