Hi,
I'm beginning to do a bit of work to try to reduce the forkage between
our local qpsmtpd and upstream. We use the clamdscan plugin, which
requires 0750 or similar permissions on the spool directory. We modified
Qpsmtpd.pm to display a warning if permissions were something _other_
than 0750, rather than uselessly warning that they were not 0700.
Attached is a patch that leaves the default at 0700, but allows the
administrator to write an alternate permission configuration to the
'spool_perms' configuration file. It also simplifies the logic a bit.
Without writing anything new to spool_perms, this is functionally
identical to the old code, except for one subtle difference: if a file
exists in place of the spool directory which does not have 0700 perms,
QP would formerly complain about the permissions, then attempt to create
the directory (and presumably fail because something already exists
there). The new code doesn't bother checking on the permissions of a
non-directory but instead skips right to the business of trying to
create it.
-Jared
Index: plugins/virus/clamdscan
===================================================================
--- plugins/virus/clamdscan (revision 961)
+++ plugins/virus/clamdscan (working copy)
@@ -24,8 +24,8 @@
=item * Enable the "AllowSupplementaryGroups" option in clamd.conf.
=item * Change the permissions of the qpsmtpd spool directory to 0750 (this
-will emit a warning when the qpsmtpd service starts up, but can be safely
-ignored).
+will emit a warning when the qpsmtpd service starts up, unless/until you
+write '0750' to the 'spool_perms' configuration file).
=item * Make sure that all directories above the spool directory (to the
root) are g+x so that the group has directory traversal rights; it is not
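Review bot: The added "write '0750' to the 'spool_perms' configuration file" text is the only documentation of the new option in this patch, and it does not say what format the value must take. The check in lib/Qpsmtpd.pm compares the value as a string, so whether the leading zero is written matters; state the accepted form explicitly here (and ideally document spool_perms alongside spool_dir as well), and reword "unless/until" to a plain "unless you write ...".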
Index: lib/Qpsmtpd.pm
===================================================================
--- lib/Qpsmtpd.pm (revision 961)
+++ lib/Qpsmtpd.pm (working copy)
@@ -529,18 +529,15 @@
$Spool_dir =~ /^(.+)$/ or die "spool_dir not configured properly";
$Spool_dir = $1; # cleanse the taint
+ my $Spool_perms = $self->config('spool_perms') || '0700';
- # Make sure the spool dir has appropriate rights
- if (-e $Spool_dir) {
- my $mode = (stat($Spool_dir))[2];
- $self->log(LOGWARN,
- "Permissions on spool_dir $Spool_dir are not 0700")
- if $mode & 07077;
+ if (-d $Spool_dir) { # Make sure the spool dir has appropriate rights
+ $self->log(LOGWARN,"Permissions on spool_dir $Spool_dir are not 2750")
+ unless sprintf('%o',(stat($Spool_dir))[2] & 07777) eq $Spool_perms;
+ } else { # Or create it if it doesn't already exist
+ mkdir($Spool_dir,oct $Spool_perms) or die "Could not create spool_dir $Spool_dir: $!";
}
- # And finally, create it if it doesn't already exist
- -d $Spool_dir or mkdir($Spool_dir, 0700)
- or die "Could not create spool_dir $Spool_dir: $!";
}
return $Spool_dir;
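Review bot: The string comparison on the `unless sprintf('%o',(stat($Spool_dir))[2] & 07777) eq $Spool_perms` line cannot match the default: sprintf('%o') renders mode 0700 as '700', which is not eq '0700', so the warning fires on every start even when the permissions are correct, and the same happens for a configured '0750'. Compare numerically instead, for example `((stat($Spool_dir))[2] & 07777) == oct($Spool_perms)`. The warning text on the line above hard-codes "2750" where it should interpolate $Spool_perms. The configured value is also handed to oct() and mkdir without any check; validating it against something like /^[0-7]{3,4}$/ and falling back to '0700' with a log line would keep a typo in the config file from silently producing an unintended mode. Note too that the mode given to mkdir is still reduced by the process umask, so a freshly created directory may not end up with the configured permissions and would then trigger the warning on the next start.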