John Goerzen writes ("Policy question"):
...
> The situation is this.  There is a mailing list management program that
> needs to run setuid to its particular uid (created by adduser in postinst).
> It also ought to run setgid to its particular gid (again, created by adduser
> in postinst.)  It is intended to be run only by a MTA, and as a security
> precaution (since it is setuid/setgid), it is best not to let anyone execute
> it (also, it would be very easy to forge messages that way.)

In fact, you don't mean that it needs to run setuid.  It merely needs
to be run _as_ a particular uid.  There are several ways of achieving
this other than setuid.  Two that I can think of that I'd recommend to
you are:

* userv, which Wichert has already mentioned.

* Most MTAs can be configured to run particular sets of aliases
  etc. as particular users and/or groups.

Ian.