[Amavisd-new-debian-devel] /var/lib/amavis and /var/lib/amavis/tmp permissions

Alexander Wirt formorer at formorer.de
Tue Nov 24 10:14:47 UTC 2009


Harald Jenny schrieb am Dienstag, den 24. November 2009:

Hi, 

*snip*
> Well this will break amavisd-milter as it requires no other access to the tmp-dir - the solution proposed by upstream maintainer is 0770 with added scanners to group amavis.
Yeah thats what I mean and propose :). After reading my sentence a second
time I saw I wrote bullshit before ;).  
> 
> > 
> > /var/lib/amavis/db:0755 seems to wide for me. Nobody should need access to
> > the SA dbs from outside. 0750 should work here. 
> 
> Good
> 
> > 
> > I like Henriques suggestion of making virusmails 0750 but not with
> > amavis:mail. If you have a webfrontend which need access to the queue you
> > really don't want it in the group mail since this group also has access the
> > the mailspool. 
> 
> True, but I would say this is a decision for the admin not for the developer so amavis:amavis with README should be the best way.
Yes, we should use dpkg-statoverride to let the decision the the admin for
all permissions. 

> > 
> > I didn't took a look to the implementation yet, but I'll do that soon if I
> > have time to implement the changes. 
> 
> If you are willing to accept a patch for this I could do this for you?
If you use dpkg-statoverride and take care to only change permissions that
are not changed be the admin thats fine to me :). 

Alex




More information about the Amavisd-new-debian-devel mailing list