Great Circle Associates Majordomo-Users
(May 2000)
 


Subject: Re: Is wrapper needed if MTA sets user and group?
From: Dan Liston <dliston @ netscape . com>
Organization: iPlanet E-Commerce Solutions, A Sun Netscape Alliance
Date: Fri, 26 May 2000 14:12:18 -0500
To: Jeffrey Goldberg <J . Goldberg @ Cranfield . ac . uk>
Cc: majordomo-users @ greatcircle . com, exim-users @ exim . org
References: <Pine.LNX.4.21.0005261137050.2379-100000@neumann.ccc.cranfield.ac.uk>

I think the wrapper is primarily for security purposes, and tries to make
sure majordomo plays in its own sandbox, but it also provides some default
information to the Perl scripts.  I would have to look at section 2.1 of
the FAQ again, and probably read the Makefile to see what else it is 
responsible for.

Dan Liston

Jeffrey Goldberg wrote:
> 
> With some (probably most by now, but I am working with exim) MTAs it is
> possible to set the user and group under which a pipe will be executed.
> 
> A typical majordomo setup would be something like:
> 
> # file for outgoing aliases which should only be used by majordom
> # user injecting mail locally
> 
> majordomo_private:
>    driver = aliasfile
>    file_transport = address_file
>    pipe_transport = address_pipe
>    file = TABLES/majordomo-out.aliases
>    search_type = lsearch
>    user = majordom
>    group = majordom
>    condition = "${if eq {$received_protocol}{local} \
>             {${if eq {$sender_ident}{majordom} \
>             {true}{false}}}{false}}"
> 
> # file for "public" majordomo aliases.
> majordomo_aliases:
>   driver = aliasfile
>   file_transport = address_file
>   pipe_transport = address_pipe
>   file = TABLES/majordomo.aliases
>   search_type = dbm
>   modemask=002
>   user = majordom
>   group = majordom
> 
> The use of group and user in the exim director will ensure that pipes
> (and file appends if there are any) in those aliases will be run
> as uid majordom.
> 
> Does this obviate the need for wrapper?  Or are there other things that
> wrapper protects me from?
> 
> -j
> 
> --
> Jeffrey Goldberg
>  Until June 9:  Cranfield Computer Centre   +44(0)1234 750 111 x 2826
>  See http://www.goldmark.org/jeff/contact.html for change of address info
> Relativism is the triumph of authority over truth, convention over justice.
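
What a wrapper can add beyond the uid and gid that the Exim director already sets, sketched as an added example (not part of either message, and not Majordomo's own wrapper source): it runs only a bare program name from one directory and replaces the inherited environment with fixed defaults for the Perl scripts. `LIST_HOME`, `resolve_program` and the environment values are assumptions made for illustration.

```c
/* Illustrative sketch only; not Majordomo's wrapper source.
 * LIST_HOME and the environment values are assumed placeholders. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define LIST_HOME "/usr/local/majordomo"   /* assumed install directory */

/* Fixed environment handed to the Perl scripts. Nothing inherited from
 * the MTA's environment (PATH, PERL5LIB, IFS, ...) reaches them. */
static char *const clean_env[] = {
    "HOME=" LIST_HOME,
    "PATH=/bin:/usr/bin",
    "SHELL=/bin/sh",
    "MAJORDOMO_CF=" LIST_HOME "/majordomo.cf",
    NULL
};

/* Map a bare program name to a path inside LIST_HOME.
 * Returns 0 on success; -1 if the name is empty, starts with '.',
 * contains '/', or the result would not fit in out. */
int resolve_program(const char *name, char *out, size_t outlen)
{
    int n;

    if (name == NULL || name[0] == '\0' || name[0] == '.')
        return -1;
    if (strchr(name, '/') != NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s", LIST_HOME, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(int argc, char **argv)
{
    char path[256];

    if (argc < 2 || resolve_program(argv[1], path, sizeof path) != 0) {
        fprintf(stderr, "usage: wrapper program [args ...]\n");
        return 1;
    }
    /* uid/gid are already fixed here, by the director's user=/group=
     * settings or by a setuid bit; the two checks above are the extra. */
    execve(path, argv + 1, clean_env);
    perror("execve");   /* reached only if execve failed */
    return 1;
}
```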

