very good point. This should be checked.


Am 13.05.20 um 10:29 schrieb Michael Tremer:
Hi,

This solution looks a lot better to me.

Do we have to restore permissions when a backup is restored, too?

-Michael

Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

On 13 May 2020, at 05:57, Alexander Marx <alexander.marx@ipfire.org> wrote:

Because other services that run as other users than nobody should be
able to send mails, this patch changes the permissions

from
nobody.root

to
nobody.mail

When another user wants to send mails via DMA, the user has to be put into the group "mail".

FIXES: #12403

Arne: Please take care of update script, so these changes affect normal update procedure.
---
lfs/dma | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lfs/dma b/lfs/dma
index 6b5d9bfbf..7f0c2cc0e 100644
--- a/lfs/dma
+++ b/lfs/dma
@@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc
	install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin
	chown -R nobody.nobody /var/ipfire/dma
-	chown nobody.root /var/ipfire/dma/auth.conf
-	chmod 644 /var/ipfire/dma/auth.conf
+	chown nobody.mail /var/ipfire/dma/auth.conf
	ln -svf dma /usr/sbin/sendmail.dma
	/usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20
	@rm -rf $(DIR_APP)
-- 
2.17.1