dma -- sending mail from non-root to non-root
Michael Krauss
hippodriver at gmx.net
Fri May 23 07:30:32 PDT 2008

Hello DragonFly experts,

I am running into problems when sending mail from one unprivileged user
to another with the DragonFly Mail Agent.
Actually I want to run dma on Arch Linux. Porting the program itself
was not a problem at all, it is running now, but suffering the same
mail folder access problems as on DragonFly BSD. On Arch Linux it is
getting even worse as no mail folder is automatically created for a
new user account. Here is a protocol from DragonFly 1.12.2:

After creation of user bob:
gimli# ls -l /var/mail/bob
total 0
-rw------- 1 bob bob 0 Sep 8 23:10 bob

Try to send a mail from non-root:
> /usr/libexec/dma -D bob
Hallo bob
dma[878]: d0.28299080: mail from=<mickraus at gimli.gondor> to=<bob>
dma[878]: d0.28299080: trying delivery
dma[878]: d0.28299080: local delivery deferred: can not open
`/var/mail/bob': Permission denied ^C

Try to send a mail as root:
gimli# /usr/libexec/dma -D bob
Hallo Bob
dma[887]: d4.28299080: mail from=<mickraus at gimli.gondor> to=<bob>
dma[887]: d4.28299080: trying delivery
dma[887]: d4.28299080: delivery successful
gimli# ls -l /var/mail/bob
total 2
-rw------- 1 bob bob 215 Sep 8 23:14 bob

Changing the gid of /var/mail/bob to mail and switching to 660:
gimli# ls -l /var/mail/bob
-rw-rw---- 1 bob mail 0 Sep 8 23:17 /var/mail/bob

Sending mail from non-root:
> /usr/libexec/dma -D bob
Hallo bob
dma[915]: d5.28299080: mail from=<mickraus at gimli.gondor> to=<bob>
dma[915]: d5.28299080: trying delivery
dma[915]: d5.28299080: delivery successful

Removing bob's mail folder and sending a mail from non-root:
> /usr/libexec/dma -D bob
Hallo bob
dma[924]: d5.28299080: mail from=<mickraus at gimli.gondor> to=<bob>
dma[924]: d5.28299080: trying delivery
dma[924]: d5.28299080: delivery successful
> ls -l /var/mail/bob
--w------- 1 mickraus mail 218 Sep 8 23:30 /var/mail/bob

I tried to fix the creation of the new mail folder in dma.c in function
deliver_local, but I can't change the file owner to the mail recipient
with fchown; only root could do that. Excerpt from dma.c function
deliver_local (I only added code inside the __linux block so as not to
pollute your code):

	error = snprintf(fn, sizeof(fn), "%s/%s", _PATH_MAILDIR, it->addr);
	if (error < 0 || (size_t)error >= sizeof(fn)) {
		syslog(LOG_ERR, "%s: local delivery deferred: %m",
		    it->queueid);
		return (1);
	}

	/* mailx removes users mailspool file if empty, so open with O_CREAT */
#ifdef __linux
	/* needs <pwd.h>, <grp.h>, <sys/stat.h> and <sys/file.h> */
	if ((mbox = open(fn, O_WRONLY | O_APPEND)) == -1) {
		struct passwd *pw;
		struct group *gr;

		/* file doesn't exist, create file and set owner properly. */
		/* O_CREAT requires an explicit mode argument */
		mbox = open(fn, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR);
		if (mbox == -1) {
			syslog(LOG_ERR, "%s: local delivery deferred: can not open `%s': %m",
			    it->queueid, fn);
			return (1);
		}
		if (fchmod(mbox, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) == -1) {
			syslog(LOG_ERR, "%s: local delivery deferred: can not set file "
			    "permissions properly for `%s': %m",
			    it->queueid, fn);
			close(mbox);
			return (1);
		}
		/* Setting owner and group to $recipient and mail */
		pw = getpwnam(it->addr);
		gr = getgrnam("mail");
		/* getpwnam/getgrnam return NULL for an unknown name */
		if (pw == NULL || gr == NULL) {
			syslog(LOG_ERR, "%s: local delivery deferred: unknown user "
			    "`%s' or group `mail'", it->queueid, it->addr);
			close(mbox);
			return (1);
		}
		if (fchown(mbox, pw->pw_uid, gr->gr_gid) == -1) { /* <---- here it breaks */
			syslog(LOG_ERR, "%s: local delivery deferred: can not set file "
			    "owners properly for `%s': %m",
			    it->queueid, fn);
			close(mbox);
			return (1);
		}
	}
	flock(mbox, LOCK_EX);
#else
	mbox = open(fn, O_WRONLY | O_EXLOCK | O_APPEND | O_CREAT);
#endif /* __linux */
	if (mbox < 0) {
		syslog(LOG_ERR, "%s: local delivery deferred: can not open `%s': %m",
		    it->queueid, fn);
		return (1);
	}
	mboxlen = lseek(mbox, 0, SEEK_CUR);

Is there another way to create an appropriate mail folder for the recipient of a mail?
I don't want to set uid root on dma.

Kind regards,
Michael Krauss
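
Added example, not part of the original post and not dma's code: a sketch of how an unprivileged delivery process can open or create a mailbox in a shared spool with a defined mode, refusing symlinks and hard-linked files. `open_mbox` and the temporary spool directory are hypothetical names; the sketch does not change file ownership, which the post notes fchown cannot do without root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not dma's code: open or create the mailbox at path.
 * Returns a locked append-only fd, or -1 with errno set (delivery deferred). */
int open_mbox(const char *path)
{
	struct stat st;
	int created = 0;
	/* Existing mailbox: refuse a symlink planted in the shared spool. */
	int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
	if (fd == -1 && errno == ENOENT) {
		/* O_CREAT takes an explicit mode; O_EXCL gives EEXIST on a lost race. */
		fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600);
		created = 1;
	}
	if (fd == -1)
		return (-1);
	/* Accept only a regular file with exactly one link. */
	if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
		close(fd);
		errno = EPERM;
		return (-1);
	}
	/* fchmod sets rw-rw---- exactly, whatever the caller's umask is. */
	if ((created && fchmod(fd, 0660) == -1) || flock(fd, LOCK_EX) == -1) {
		close(fd);
		return (-1);
	}
	return (fd);
}

int main(void)
{
	char dir[] = "/tmp/spoolXXXXXX", fn[64];	/* constructed spool dir */
	if (mkdtemp(dir) == NULL)
		return (1);
	snprintf(fn, sizeof(fn), "%s/bob", dir);
	int fd = open_mbox(fn);
	printf("%s: %s\n", fn, fd == -1 ? "deferred" : "opened and locked");
	if (fd != -1) close(fd);
	unlink(fn); rmdir(dir);
	return (fd == -1);
}
```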