[OpenAFS] qmail and user mail accounts in AFS
bucy-openafs@gloop.org
bucy-openafs@gloop.org
Thu, 26 Feb 2004 14:09:42 -0500
On Tue, Feb 24, 2004 at 10:33:57AM -0600, Troy Benjegerdes wrote:
> I have a script that starts up courier-imap and courier-mta with tokens
> for a user called 'mail' that has ACL's for all the user's maildirs.
We contemplated this and its a bad idea if you allow a user to put
arbitrary shellcode in .qmail -- any user's delivery can clobber any
other user's mail since they're all running with the same creds.
Normally qmail-lspawn does
qmail-local <args>
we hacked ours to do
kinit --keytab=/var/keys/<user> <user>/mail qmail-local <args>
(i.e. there's a user/mail princ/user.mail pts user for each user which
in turn only has rights on the user's maildir)
It turns out there's an easier way, though:
rename qmail-local out of the way and replace it with a script to
get creds and then run the real qmail-local.
john