[OpenAFS] qmail and user mail accounts in AFS

bucy-openafs@gloop.org bucy-openafs@gloop.org
Thu, 26 Feb 2004 14:09:42 -0500


On Tue, Feb 24, 2004 at 10:33:57AM -0600, Troy Benjegerdes wrote:

> I have a script that starts up courier-imap and courier-mta with tokens 
> for a user called 'mail' that has ACL's for all the user's maildirs.

We contemplated this and its a bad idea if you allow a user to put
arbitrary shellcode in .qmail -- any user's delivery can clobber any
other user's mail since they're all running with the same creds.

Normally qmail-lspawn does 
qmail-local <args> 

we hacked ours to do
kinit --keytab=/var/keys/<user> <user>/mail qmail-local <args>

(i.e. there's a user/mail princ/user.mail pts user for each user which
in turn only has rights on the user's maildir)

It turns out there's an easier way, though:
rename qmail-local out of the way and replace it with a script to
get creds and then run the real qmail-local.



john