[Amavisd-new-debian-devel] /var/lib/amavis and /var/lib/amavis/tmp permissions
Alexander Wirt
formorer at formorer.de
Tue Nov 24 10:14:47 UTC 2009
Harald Jenny schrieb am Dienstag, den 24. November 2009:
Hi,
*snip*
> Well this will break amavisd-milter as it requires no other access to the tmp-dir - the solution proposed by upstream maintainer is 0770 with added scanners to group amavis.
Yeah thats what I mean and propose :). After reading my sentence a second
time I saw I wrote bullshit before ;).
>
> >
> > /var/lib/amavis/db:0755 seems to wide for me. Nobody should need access to
> > the SA dbs from outside. 0750 should work here.
>
> Good
>
> >
> > I like Henriques suggestion of making virusmails 0750 but not with
> > amavis:mail. If you have a webfrontend which need access to the queue you
> > really don't want it in the group mail since this group also has access the
> > the mailspool.
>
> True, but I would say this is a decision for the admin not for the developer so amavis:amavis with README should be the best way.
Yes, we should use dpkg-statoverride to let the decision the the admin for
all permissions.
> >
> > I didn't took a look to the implementation yet, but I'll do that soon if I
> > have time to implement the changes.
>
> If you are willing to accept a patch for this I could do this for you?
If you use dpkg-statoverride and take care to only change permissions that
are not changed be the admin thats fine to me :).
Alex
More information about the Amavisd-new-debian-devel
mailing list