On 2018-07-04 15:54, Reindl Harald wrote:
Well I *think* you could probably only allow dbmail-util process /executable to read the file and no others using SELinux or something like that but that seems rather complex .Am 04.07.2018 um 15:45 schrieb Thomas Raschbacher:I guess you could write a patch for that, but you would need to make sure that seed is stored somewhere the admins cannot access it, otherwise the whole thing would be pointless (or only making it a bit more complicated for someone who really wants to do it). Alternatively what would probably be easier would be to write a patch to load the database config from a different location, and make that file not readable by your admins (through whichever means) but only readable by root / the dbmail processcan't work - dbmail-util needs to read it too and so the user invoking dbmail-util is able to do the same
that is what I think too to be honest .. i mean with maildir based servers the admins would still have access to all the mails too so ...either i am admin for a service or not.....
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DBmail mailing list DBmail@dbmail.org http://lists.nfg.nl/mailman/listinfo/dbmail
