RE: [SAtalk] Procmail - DROPPRIVS

Thu, 29 May 2003 07:52:56 -0700 


> -----Original Message-----
> From: Jose M. Herrera
> Sent: Wednesday, May 28, 2003 12:22 PM
>
> Why is necesary put DROPPRIVS=yes in /etc/procmailrc ???
>
> What is DROPPRIVS for?

 From "man procmailrc":

       DROPPRIVS   If set to `yes' procmail will drop all privileges it
might                   have  had  (suid or sgid).  This is only useful if
you want to guarantee that the bottom half  of  the  /etc/procmailrc file is
executed on behalf of the recipient.

and from "man procmail":

       If no rcfiles and no -p have been specified on the command line,
proc-       mail  will, prior to reading $HOME/.procmailrc, interpret
commands from       /etc/procmailrc  (if  present).   Care  must  be  taken
when  creating       /etc/procmailrc,  because, if circumstances permit, it
will be executed       with  root  privileges  (contrary  to  the
$HOME/.procmailrc  file  of       course).

       If  running suid root or with root privileges, procmail will be able
to       perform as a functionally enhanced, backwards compatible mail
delivery       agent.

------------------

Unless you need to perform functions that require root privileges, you
should
drop privileges early.  Here's an example, where you might decide to
run with root privileges for a while:

SA=/usr/bin/spamassassin
SA_OPTS=""
SPAM_FILE=/var/spool/mail/spam

#
# System wide filtering of spam. Save a copy of alleged spam into file under
# /var/spool/mail that is owned by root, has the "mail" group with
# read-write for owner/group only. Thus, it can't be read/written by
# regular users. Periodically, the admin might go through this spam
# mailbox to review how well the spam filtering is working.
# (It's just an example.)
#

#
# Run the spam check first
#
:0fw
* < 100000
* ? test -x $SA
| $SA $SA_OPTS

#
# Check for spam, if found, make a copy and deposit it into
# the system wide spam folder.
#
:0c:
* ^X-Spam-Status: Yes
$SPAM_FILE


#
# Begin normal user-level processing
#
DROPPRIVS=YES

MAILDIR=$HOME/mail
LOGFILE=$HOME/.procmail.log

#
# Now, check for spam, running as the user, and file the spam
# into the local spam folder.
#
:0c:
* ^X-Spam-Status: Yes
spam




-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to