paths and permissions
Jesse Trucks
jesse at cyberius.net
Fri Feb 27 16:56:07 CET 2004
I believe this operation happens due to elevated privileges in the
process that delivers mail. The reason is that mail comes in and is
processed by the mail server and it has to have permissions to write to
any user's mail file. Therefore, it has root privileges. Those expanded
rights allow the process to write to the wordlist.db file.
On Sat, 21 Feb 2004, David Relson wrote:
> Greetings,
>
> I've moved my wordlist file from /var/lib/bogofilter/ to
> /var/spool/bogofilter/ and have changed its owner and group from relson
> to mail. The changes give a more reasonable appearance to the process
> of receiving email and running "bogofilter -u":
>
> drwxr-xr-x 21 root root 4096 Nov 3 13:14 /var/
> drwxr-xr-x 13 root root 4096 Feb 21 15:31 /var/spool/
> drwxr-xr-x 2 mail mail 4096 Feb 21 16:25 /var/spool/bogofilter/
> -rw-r--r-- 1 mail mail 71823360 Feb 21 16:40 /var/spool/bogofilter/wordlist.db
>
> Postfix (or procmail) does seem to be using some permission magic.
> Userid "charlie" doesn't have write access to wordlist.db and can't
> modify the file when logged in and running commands. However when
> there's email for "charlie", he has write access to the file. A test
> shows that the following environment variables are set:
>
> DEFAULT=/var/spool/mail/charlie
> EUID=1022
> LOGNAME=charlie
> ORGMAIL=/var/spool/mail/charlie
> UID=1022
>
> Don't ask me how this all works since I don't know. Does one of you?
>
> David
>
--
Jesse Trucks jesse at cyberius.net
Cyberius' Network http://www.cyberius.net/
GCUX - GIAC Certified Unix Security Administrator
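
Added example, not part of either message and not bogofilter code: a small Python diagnostic that can be run from the delivery path (for instance from a procmail recipe) to record the real, effective and saved IDs and the group list the kernel sees, and to report which permission class, if any, grants write access to wordlist.db. The function names are this example's own, and only the classic mode bits are modelled (no ACLs or capabilities).

```python
#!/usr/bin/env python3
"""Report the credentials a process really holds and whether the classic
Unix mode bits let it write to a file (ACLs and capabilities not modelled)."""
import os
import stat
import sys


def write_class(mode, owner_uid, owner_gid, euid, egid, groups):
    """Return the permission class that grants write, or None if denied."""
    if euid == 0:
        return "root"  # the superuser bypasses the mode bits
    if euid == owner_uid:
        # The owner class is decisive: group/other bits are not consulted.
        return "owner" if mode & stat.S_IWUSR else None
    if owner_gid == egid or owner_gid in groups:
        return "group" if mode & stat.S_IWGRP else None
    return "other" if mode & stat.S_IWOTH else None


def process_credentials():
    """Snapshot the kernel's view of this process, not the environment's."""
    ruid, euid, suid = os.getresuid()
    rgid, egid, sgid = os.getresgid()
    return {"ruid": ruid, "euid": euid, "suid": suid,
            "rgid": rgid, "egid": egid, "sgid": sgid,
            "groups": sorted(os.getgroups())}


def report(path):
    """Describe write access to `path` for the calling process."""
    cred = process_credentials()
    st = os.stat(path)
    cls = write_class(st.st_mode, st.st_uid, st.st_gid,
                      cred["euid"], cred["egid"], cred["groups"])
    # LOGNAME/USER are plain strings set by the parent; shown for comparison.
    return {"path": path, "mode": stat.filemode(st.st_mode),
            "owner": (st.st_uid, st.st_gid), "cred": cred,
            "write_granted_by": cls,
            "env": {k: os.environ.get(k) for k in ("LOGNAME", "USER")}}


if __name__ == "__main__":
    # Default path is the wordlist location quoted in the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/bogofilter/wordlist.db"
    for key, value in report(target).items():
        print(f"{key}: {value}")
```

Comparing the output of an interactive run as the user with the output captured during a delivery shows which credential differs between the two cases.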