FS#17326 - [ssmtp] setgid mail
Attached to Project:
Arch Linux
Opened by Olivier Mehani (shtrom) - Monday, 30 November 2009, 09:54 GMT
Last edited by Pierre Schmitz (Pierre) - Saturday, 16 May 2015, 14:44 GMT
Opened by Olivier Mehani (shtrom) - Monday, 30 November 2009, 09:54 GMT
Last edited by Pierre Schmitz (Pierre) - Saturday, 16 May 2015, 14:44 GMT
|
Details
When configuring ssmtp from ssmtp.conf, the AuthUser and
AuthPass parameter allow te specify credentials to identify
to the upstream SMTP relay. It is desirable that this
information is not readable by local users. A solution is to
`chmod 600` said configuration file. This causes the problem
that a local user trying to send email using ssmtp can't
read the configuration file anymore.
A solution would be to `chgrp mail /etc/ssmtp.conf`, and give read rights to group mail (640), then `chgrp mail /usr/sbin/ssmtp` and make the binary setgid (chmod g+s). This way, users can't read the file except when using ssmtp itself, and mail delivery works. As a side note, maybe would it be wiser to dedicate a specific group (_ssmtp ?) rather than using group mail. |
This task depends upon
Assigning to the three last packagers.