[PATCH] BUG12403: Change group permission of dma.conf

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* [PATCH] BUG12403: Change group permission of dma.conf
@ 2020-05-13  4:57 Alexander Marx
  2020-05-13  8:29 ` Michael Tremer
  2020-05-18 20:25 ` Arne Fitzenreiter
  0 siblings, 2 replies; 4+ messages in thread
From: Alexander Marx @ 2020-05-13  4:57 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1097 bytes --]

Because other services that run as other users than nobody should be
able to send mails, this patch changes the permissions

from
nobody.root

to
nobody.mail

When another user wants to send mails via DMA, the user has to be put into the group "mail".

FIXES: #12403

Arne: Please take care of update script, so these changes affect normal update procedure.
---
 lfs/dma | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lfs/dma b/lfs/dma
index 6b5d9bfbf..7f0c2cc0e 100644
--- a/lfs/dma
+++ b/lfs/dma
@@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc
 	install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin
 	chown -R nobody.nobody /var/ipfire/dma
-	chown nobody.root /var/ipfire/dma/auth.conf
-	chmod 644 /var/ipfire/dma/auth.conf
+	chown nobody.mail /var/ipfire/dma/auth.conf
 	ln -svf dma /usr/sbin/sendmail.dma
 	/usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20
 	@rm -rf $(DIR_APP)
-- 
2.17.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] BUG12403: Change group permission of dma.conf
  2020-05-13  4:57 [PATCH] BUG12403: Change group permission of dma.conf Alexander Marx
@ 2020-05-13  8:29 ` Michael Tremer
  2020-05-18 20:25 ` Arne Fitzenreiter
  1 sibling, 0 replies; 4+ messages in thread
From: Michael Tremer @ 2020-05-13  8:29 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1438 bytes --]

Hi,

This solution looks a lot better to me.

Do we have to restore permissions when a backup is restored, too?

-Michael

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 13 May 2020, at 05:57, Alexander Marx <alexander.marx(a)ipfire.org> wrote:
> 
> Because other services that run as other users than nobody should be
> able to send mails, this patch changes the permissions
> 
> from
> nobody.root
> 
> to
> nobody.mail
> 
> When another user wants to send mails via DMA, the user has to be put into the group "mail".
> 
> FIXES: #12403
> 
> Arne: Please take care of update script, so these changes affect normal update procedure.
> ---
> lfs/dma | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/lfs/dma b/lfs/dma
> index 6b5d9bfbf..7f0c2cc0e 100644
> --- a/lfs/dma
> +++ b/lfs/dma
> @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> 	cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc
> 	install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin
> 	chown -R nobody.nobody /var/ipfire/dma
> -	chown nobody.root /var/ipfire/dma/auth.conf
> -	chmod 644 /var/ipfire/dma/auth.conf
> +	chown nobody.mail /var/ipfire/dma/auth.conf
> 	ln -svf dma /usr/sbin/sendmail.dma
> 	/usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20
> 	@rm -rf $(DIR_APP)
> -- 
> 2.17.1
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] BUG12403: Change group permission of dma.conf
  2020-05-13  4:57 [PATCH] BUG12403: Change group permission of dma.conf Alexander Marx
  2020-05-13  8:29 ` Michael Tremer
@ 2020-05-18 20:25 ` Arne Fitzenreiter
  1 sibling, 0 replies; 4+ messages in thread
From: Arne Fitzenreiter @ 2020-05-18 20:25 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1222 bytes --]

git cannot apply this patch to the next tree.

Arne


Am 2020-05-13 06:57, schrieb Alexander Marx:
> Because other services that run as other users than nobody should be
> able to send mails, this patch changes the permissions
> 
> from
> nobody.root
> 
> to
> nobody.mail
> 
> When another user wants to send mails via DMA, the user has to be put
> into the group "mail".
> 
> FIXES: #12403
> 
> Arne: Please take care of update script, so these changes affect
> normal update procedure.
> ---
>  lfs/dma | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/lfs/dma b/lfs/dma
> index 6b5d9bfbf..7f0c2cc0e 100644
> --- a/lfs/dma
> +++ b/lfs/dma
> @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  	cd $(DIR_APP) && make install mailq-link install-spool-dirs 
> install-etc
>  	install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin
>  	chown -R nobody.nobody /var/ipfire/dma
> -	chown nobody.root /var/ipfire/dma/auth.conf
> -	chmod 644 /var/ipfire/dma/auth.conf
> +	chown nobody.mail /var/ipfire/dma/auth.conf
>  	ln -svf dma /usr/sbin/sendmail.dma
>  	/usr/sbin/alternatives --install /usr/sbin/sendmail sendmail
> /usr/sbin/sendmail.dma 20
>  	@rm -rf $(DIR_APP)

^ permalink raw reply	[flat|nested] 4+ messages in thread

[parent not found: <027b8020-3a7e-5615-97b6-fc4101cc6335@ipfire.org>]

* Re: [PATCH] BUG12403: Change group permission of dma.conf
       [not found] <027b8020-3a7e-5615-97b6-fc4101cc6335@ipfire.org>
@ 2020-05-13  9:59 ` Michael Tremer
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Tremer @ 2020-05-13  9:59 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1770 bytes --]

By whom?

> On 13 May 2020, at 10:54, Alexander Marx <alexander.marx(a)ipfire.org> wrote:
> 
> very good point. This should be checked.
> 
> 
> Am 13.05.20 um 10:29 schrieb Michael Tremer:
>> Hi,
>> 
>> This solution looks a lot better to me.
>> 
>> Do we have to restore permissions when a backup is restored, too?
>> 
>> -Michael
>> 
>> Reviewed-by: Michael Tremer 
>> <michael.tremer(a)ipfire.org>
>> 
>> 
>> 
>>> On 13 May 2020, at 05:57, Alexander Marx <alexander.marx(a)ipfire.org>
>>>  wrote:
>>> 
>>> Because other services that run as other users than nobody should be
>>> able to send mails, this patch changes the permissions
>>> 
>>> from
>>> nobody.root
>>> 
>>> to
>>> nobody.mail
>>> 
>>> When another user wants to send mails via DMA, the user has to be put into the group "mail".
>>> 
>>> FIXES: #12403
>>> 
>>> Arne: Please take care of update script, so these changes affect normal update procedure.
>>> ---
>>> lfs/dma | 3 +--
>>> 1 file changed, 1 insertion(+), 2 deletions(-)
>>> 
>>> diff --git a/lfs/dma b/lfs/dma
>>> index 6b5d9bfbf..7f0c2cc0e 100644
>>> --- a/lfs/dma
>>> +++ b/lfs/dma
>>> @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>> 	cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc
>>> 	install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin
>>> 	chown -R nobody.nobody /var/ipfire/dma
>>> -	chown nobody.root /var/ipfire/dma/auth.conf
>>> -	chmod 644 /var/ipfire/dma/auth.conf
>>> +	chown nobody.mail /var/ipfire/dma/auth.conf
>>> 	ln -svf dma /usr/sbin/sendmail.dma
>>> 	/usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20
>>> 	@rm -rf $(DIR_APP)
>>> -- 
>>> 2.17.1
>>> 
>>> 
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2020-05-18 20:25 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-13  4:57 [PATCH] BUG12403: Change group permission of dma.conf Alexander Marx
2020-05-13  8:29 ` Michael Tremer
2020-05-18 20:25 ` Arne Fitzenreiter
     [not found] <027b8020-3a7e-5615-97b6-fc4101cc6335@ipfire.org>
2020-05-13  9:59 ` Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox