Because other services that run as other users than nobody should be able to send mails, this patch changes the permissions
from nobody.root
to nobody.mail
When another user wants to send mails via DMA, the user has to be put into the group "mail".
FIXES: #12403
Arne: Please take care of update script, so these changes affect normal update procedure. --- lfs/dma | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lfs/dma b/lfs/dma index 6b5d9bfbf..7f0c2cc0e 100644 --- a/lfs/dma +++ b/lfs/dma @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin chown -R nobody.nobody /var/ipfire/dma - chown nobody.root /var/ipfire/dma/auth.conf - chmod 644 /var/ipfire/dma/auth.conf + chown nobody.mail /var/ipfire/dma/auth.conf ln -svf dma /usr/sbin/sendmail.dma /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 @rm -rf $(DIR_APP)
Hi,
This solution looks a lot better to me.
Do we have to restore permissions when a backup is restored, too?
-Michael
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 13 May 2020, at 05:57, Alexander Marx alexander.marx@ipfire.org wrote:
Because other services that run as other users than nobody should be able to send mails, this patch changes the permissions
from nobody.root
to nobody.mail
When another user wants to send mails via DMA, the user has to be put into the group "mail".
FIXES: #12403
Arne: Please take care of update script, so these changes affect normal update procedure.
lfs/dma | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lfs/dma b/lfs/dma index 6b5d9bfbf..7f0c2cc0e 100644 --- a/lfs/dma +++ b/lfs/dma @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin chown -R nobody.nobody /var/ipfire/dma
- chown nobody.root /var/ipfire/dma/auth.conf
- chmod 644 /var/ipfire/dma/auth.conf
- chown nobody.mail /var/ipfire/dma/auth.conf ln -svf dma /usr/sbin/sendmail.dma /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 @rm -rf $(DIR_APP)
-- 2.17.1
very good point. This should be checked.
Am 13.05.20 um 10:29 schrieb Michael Tremer:
Hi,
This solution looks a lot better to me.
Do we have to restore permissions when a backup is restored, too?
-Michael
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 13 May 2020, at 05:57, Alexander Marx alexander.marx@ipfire.org wrote:
Because other services that run as other users than nobody should be able to send mails, this patch changes the permissions
from nobody.root
to nobody.mail
When another user wants to send mails via DMA, the user has to be put into the group "mail".
FIXES: #12403
Arne: Please take care of update script, so these changes affect normal update procedure.
lfs/dma | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lfs/dma b/lfs/dma index 6b5d9bfbf..7f0c2cc0e 100644 --- a/lfs/dma +++ b/lfs/dma @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin chown -R nobody.nobody /var/ipfire/dma
- chown nobody.root /var/ipfire/dma/auth.conf
- chmod 644 /var/ipfire/dma/auth.conf
- chown nobody.mail /var/ipfire/dma/auth.conf ln -svf dma /usr/sbin/sendmail.dma /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 @rm -rf $(DIR_APP)
-- 2.17.1
By whom?
On 13 May 2020, at 10:54, Alexander Marx alexander.marx@ipfire.org wrote:
very good point. This should be checked.
Am 13.05.20 um 10:29 schrieb Michael Tremer:
Hi,
This solution looks a lot better to me.
Do we have to restore permissions when a backup is restored, too?
-Michael
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 13 May 2020, at 05:57, Alexander Marx alexander.marx@ipfire.org wrote:
Because other services that run as other users than nobody should be able to send mails, this patch changes the permissions
from nobody.root
to nobody.mail
When another user wants to send mails via DMA, the user has to be put into the group "mail".
FIXES: #12403
Arne: Please take care of update script, so these changes affect normal update procedure.
lfs/dma | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lfs/dma b/lfs/dma index 6b5d9bfbf..7f0c2cc0e 100644 --- a/lfs/dma +++ b/lfs/dma @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin chown -R nobody.nobody /var/ipfire/dma
- chown nobody.root /var/ipfire/dma/auth.conf
- chmod 644 /var/ipfire/dma/auth.conf
- chown nobody.mail /var/ipfire/dma/auth.conf ln -svf dma /usr/sbin/sendmail.dma /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 @rm -rf $(DIR_APP)
-- 2.17.1
LOL. Well, i think if Arne implements this in the next update-script, the backup would run automatically and then with the right permissions.
The question is if we should implement an extra check for people who don't upgrade their IPFire. For this case its nearly obsolete because if they dont update, they will never get an addon wich needs that feature ;-)
Am 13.05.20 um 11:59 schrieb Michael Tremer:
By whom?
On 13 May 2020, at 10:54, Alexander Marx alexander.marx@ipfire.org wrote:
very good point. This should be checked.
Am 13.05.20 um 10:29 schrieb Michael Tremer:
Hi,
This solution looks a lot better to me.
Do we have to restore permissions when a backup is restored, too?
-Michael
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 13 May 2020, at 05:57, Alexander Marx alexander.marx@ipfire.org wrote:
Because other services that run as other users than nobody should be able to send mails, this patch changes the permissions
from nobody.root
to nobody.mail
When another user wants to send mails via DMA, the user has to be put into the group "mail".
FIXES: #12403
Arne: Please take care of update script, so these changes affect normal update procedure.
lfs/dma | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lfs/dma b/lfs/dma index 6b5d9bfbf..7f0c2cc0e 100644 --- a/lfs/dma +++ b/lfs/dma @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin chown -R nobody.nobody /var/ipfire/dma
- chown nobody.root /var/ipfire/dma/auth.conf
- chmod 644 /var/ipfire/dma/auth.conf
- chown nobody.mail /var/ipfire/dma/auth.conf ln -svf dma /usr/sbin/sendmail.dma /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 @rm -rf $(DIR_APP)
-- 2.17.1
git cannot apply this patch to the next tree.
Arne
Am 2020-05-13 06:57, schrieb Alexander Marx:
Because other services that run as other users than nobody should be able to send mails, this patch changes the permissions
from nobody.root
to nobody.mail
When another user wants to send mails via DMA, the user has to be put into the group "mail".
FIXES: #12403
Arne: Please take care of update script, so these changes affect normal update procedure.
lfs/dma | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lfs/dma b/lfs/dma index 6b5d9bfbf..7f0c2cc0e 100644 --- a/lfs/dma +++ b/lfs/dma @@ -79,8 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin chown -R nobody.nobody /var/ipfire/dma
- chown nobody.root /var/ipfire/dma/auth.conf
- chmod 644 /var/ipfire/dma/auth.conf
- chown nobody.mail /var/ipfire/dma/auth.conf ln -svf dma /usr/sbin/sendmail.dma /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail
/usr/sbin/sendmail.dma 20 @rm -rf $(DIR_APP)