On 2024-12-19 17:53, Wietse Venema via Postfix-users wrote:
> 
> **HOWEVER** when Postfix runs non-Postfix code on behalf of a
> user (example: a command in a .forward file) THEN IT WOULD BE A
> REAL WTF if that command has different rights than the user.  If
> the command CAN do something that the user CANNOT do, then that is

This is a good example of things done well in Postfix that might go
unnoticed or not be understood by system administrators.

In the case of some hosting-only accounts, the user might not be allowed to
run any commands, by having no shell, "disable_functions =
exec,shell_exec,system,..." in php.ini etc. But it's easy to overlook
execution by local(8), which is not subject to /etc/shells or any PAM
checks AFAIK.

Therefore a system administrator who wants to keep .forward working and
keep a limited set of possible commands might want to use No/ExecPaths=
for that purpose.
This is especially important when the entire /home is not noexec-mounted.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
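
An added example, not part of the original message or of Postfix: a simplified audit that lists accounts whose login shell is not in the valid-shell set but whose .forward still pipes mail to a command, which is the local(8) execution path the message describes. The passwd entries, shell set and .forward contents are constructed sample data, and the parser is an assumption-laden simplification that handles only comma- or newline-separated entries with optional double quotes.

```python
import re

# One .forward entry: optionally double-quoted (may contain commas), else up to the next comma.
_ENTRY = re.compile(r'[ \t]*("(?:[^"\\]|\\.)*"|[^,\n]+)')

def forward_commands(text):
    """Return the "|command" destinations found in .forward content."""
    commands = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):        # comment line
            continue
        for match in _ENTRY.finditer(line):
            entry = match.group(1).strip()
            if len(entry) >= 2 and entry[0] == entry[-1] == '"':
                entry = re.sub(r'\\(.)', r'\1', entry[1:-1])   # drop quotes, unescape
            if entry.startswith("|"):
                commands.append(entry[1:].strip())
    return commands

def audit(passwd_text, valid_shells, forwards):
    """Return (user, shell, command) for accounts without a valid login shell
    whose .forward content (forwards: user -> text) runs a command."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:                     # not a passwd(5) record
            continue
        user, shell = fields[0], fields[6]
        if shell in valid_shells:
            continue
        for command in forward_commands(forwards.get(user, "")):
            findings.append((user, shell, command))
    return findings

# Constructed sample data; on a real host read /etc/passwd, /etc/shells and each ~/.forward.
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
webhost1:x:2001:2001::/home/webhost1:/usr/sbin/nologin
webhost2:x:2002:2002::/home/webhost2:/bin/false
"""
SHELLS = {"/bin/sh", "/bin/bash"}
FORWARDS = {
    "alice": '"|/usr/bin/procmail"\n',
    "webhost1": '# keep a copy, then run a handler\n'
                '\\webhost1, "|/home/webhost1/bin/handler --tag a,b"\n',
    "webhost2": "webhost2@example.org\n",
}

if __name__ == "__main__":
    for user, shell, command in audit(PASSWD, SHELLS, FORWARDS):
        print(f"{user} (shell {shell}) runs via .forward: {command}")
```

The commands it reports are the ones to review before deciding what an execution restriction on the mail service should still permit.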