>>>>> "JG" == Julian Gordon <julian@cadence.com> writes:
JG> Does anyone know of any risk to making majordomo a trusted sendmail
JG> user?
There is no risk inherent in doing so. All it does is allow the
majordomo user to "forge" mail headers -- notably the listname-owner
mailbox that is placed in the Sender header -- without generating
authentication warnings. With the majordomo user in the trusted users
list, should someone gain access to the majordomo user account they will
be able to do likewise. But making the majordomo user "trusted" will by
no means allow anyone access to the account.
If you are paranoid (which you should be) you could make the shell for
the account something which immediately terminates, like this little
shell script:

    #!/bin/sh
    echo "This account does not have interactive login privilege."
    exit 0

This means that only root will be able to create lists since only root
can chown the files appropriately, which is usually not a significant
problem since root has to edit /etc{/mail}/aliases to create the list
anyway.
--
Richard Pieri/Information Services \ When you go out in the world, remember:
<ratinox@unilab.dfci.harvard.edu> \ being placed on a pedestal is a right,
http://www.dfci.harvard.edu/ \ not a privilege! -A cat's guide to life
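
An audit for the setup discussed in this message, added here as an example and not part of the original post: it lists sendmail trusted users whose account still has an interactive shell. It assumes trusted users are declared on T or Ct lines in sendmail.cf; the function names, sample accounts and the /usr/local/sbin/no-login path are hypothetical.

```shell
#!/bin/sh
# Added example: report sendmail trusted users that can still log in.
# Assumes trusted users are declared with "T" or "Ct" lines in sendmail.cf
# (not pulled from an external file) and a standard 7-field passwd file.

# trusted_users CF -> one trusted user name per line, sorted, de-duplicated
trusted_users() {
    awk '/^(Ct|T)/ { sub(/^(Ct|T)/, ""); for (i = 1; i <= NF; i++) print $i }' "$1" |
        sort -u
}

# interactive_trusted CF PASSWD [EXTRA_NOLOGIN_SHELL...]
# Prints "user shell" for each trusted local account whose shell is not a
# known non-interactive one. Extra arguments name site-specific no-login
# shells, such as the script in the message.
interactive_trusted() {
    cf=$1 pw=$2; shift 2
    nologin=" /sbin/nologin /usr/sbin/nologin /bin/false $* "
    trusted_users "$cf" | while read -r user; do
        # An empty shell field means the system default shell, /bin/sh.
        shell=$(awk -F: -v u="$user" \
            '$1 == u { print ($7 == "" ? "/bin/sh" : $7); exit }' "$pw")
        [ -n "$shell" ] || continue      # no local passwd entry
        case "$nologin" in
            *" $shell "*) ;;             # cannot log in interactively
            *) echo "$user $shell" ;;
        esac
    done
}

# Constructed sample data; names, UIDs and paths are hypothetical.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Troot daemon\nCtmajordomo uucp\nTlistmgr\n' > "$d/sendmail.cf"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/sh' \
        'daemon:x:1:1:daemon:/:/usr/sbin/nologin' \
        'majordomo:x:91:91::/usr/lib/majordomo:/usr/local/sbin/no-login' \
        'listmgr:x:92:91::/home/listmgr:/bin/bash' > "$d/passwd"
    interactive_trusted "$d/sendmail.cf" "$d/passwd" /usr/local/sbin/no-login
    rm -rf "$d"
}
demo
```

Any account it prints is both trusted to set headers without authentication warnings and able to log in, which is the combination the message suggests avoiding for the majordomo user.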