author | anders <anders@FreeBSD.org> | 2002-02-08 01:56:26 +0000 |
---|---|---|
committer | anders <anders@FreeBSD.org> | 2002-02-08 01:56:26 +0000 |
commit | a62112efe80dc881ba31addff549f5b9b56e2887 (patch) | |
tree | 4f578de1f51a176222cd539edb5bb9c5eb44367a | |
parent | 2a68636168a8a982ff824017952d803a5a74e3fb (diff) | |
Add wrapper permissions dialog(1) to make it easier for users to have
their majordomo wrapper program executed from their MDA. Remove old
instructions for how this could be done manually. This also fixes the
new majordomo/mailnull issue.
Correct typo in post-install-notes (spotted by Dan Pelleg).
PR: 30170
-rw-r--r-- | mail/majordomo/Makefile | 3 | ||||
-rw-r--r-- | mail/majordomo/files/post-install-notes | 14 | ||||
-rw-r--r-- | mail/majordomo/scripts/adaptwrapper | 68 | ||||
-rw-r--r-- | mail/majordomo/scripts/createuser | 8 |
4 files changed, 71 insertions, 22 deletions
diff --git a/mail/majordomo/Makefile b/mail/majordomo/Makefile index d3a7913..fece3f3 100644 --- a/mail/majordomo/Makefile +++ b/mail/majordomo/Makefile @@ -13,7 +13,7 @@ MASTER_SITES= ftp://ftp.greatcircle.com/pub/majordomo/1.94.5/ \ ftp://ftp.sgi.com/other/majordomo/1.94.5/ EXTRACT_SUFX= .tgz -MAINTAINER= anders@fix.no +MAINTAINER= anders@FreeBSD.org .if defined(WITH_SHA1_COOKIES) RUN_DEPENDS= ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1 @@ -93,6 +93,7 @@ post-install: @ ${CHMOD} 755 ${PREFIX}/majordomo/lists/test-l-digest.archive @ ${CHMOD} 660 ${PREFIX}/majordomo/lists/*.passwd .if !defined(BATCH) + @ ${SH} ${SCRIPTDIR}/adaptwrapper ${PREFIX} @ /usr/bin/more -e ${FILESDIR}/post-install-notes .endif diff --git a/mail/majordomo/files/post-install-notes b/mail/majordomo/files/post-install-notes index 286a06a..4729dc9 100644 --- a/mail/majordomo/files/post-install-notes +++ b/mail/majordomo/files/post-install-notes 
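Review bot: The new `@ ${SH} ${SCRIPTDIR}/adaptwrapper ${PREFIX}` line sits inside `.if !defined(BATCH)`, so a BATCH install now ends with no MDA user able to run the wrapper. The createuser hunk in this commit removes the unconditional `pw groupmod majordom -m daemon`, and the post-install-notes hunk removes the manual instructions, so nothing tells the admin what is missing. This fails closed, which is the safe direction, but post-install-notes should keep a short line such as `- re-run scripts/adaptwrapper to make wrapper executable by your MDA's user; do not make it executable for all`. The command also has no `-` prefix, so the script's `exit 1` paths would presumably stop `post-install` before the notes are displayed.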
@@ -26,23 +26,11 @@ manually: or a line similar to the following to your m4 macros file : - define(`ALIAS_FILE',/etc/aliases,/usr/local/majordomo/aliases.majordomo') + define(`ALIAS_FILE',`/etc/aliases,/usr/local/majordomo/aliases.majordomo') - consider using ports/mail/tlb to process your deliveries if you want to hide your outgoing aliases. This way you can prevent people from evading restrictions for posting to your lists. - - the user executing the commands of your local aliases must be added - to your majordom group to be able to execute the setuid wrapper - script. Sendmail does this as daemon by default, which is already - added. The postfix port uses nobody by default, which should be - changed to another user if your users can execute commands as user - nobody (Apache/CGI comes to mind). Postfix does not do initgroups() - properly, so you need to chgrp the wrapper script to the group of - the default_privs user (this may apply for other MTAs as well) for - it to work. It is important that you do this and not just make - wrapper executable for all; you are increasing the chances of it - getting exploited if you do. - Enjoy Majordomo! diff --git a/mail/majordomo/scripts/adaptwrapper b/mail/majordomo/scripts/adaptwrapper new file mode 100644 index 0000000..1c4d4fd --- /dev/null +++ b/mail/majordomo/scripts/adaptwrapper 
@@ -0,0 +1,68 @@
+#! /bin/sh
+# anders@FreeBSD.org, 2002-02-08
+
+if [ -z "$1" ]
+then
+ prefix=/usr/local/majordomo
+else
+ prefix=$1/majordomo
+fi
+tempfile=`/usr/bin/mktemp -t radiolist`
+
+/usr/bin/dialog --title "Making the majordomo wrapper run" --clear --radiolist "We need to make the majordomo wrapper program executable by your Mail\nDelivery Agent, but do not want it executable for all users due\nto security reasons.\n\n(This script can be re-executed from\n/usr/ports/mail/majordomo/scripts/adaptwrapper.)\n\nAdapt to the MDA of:" -1 -1 5 \
+Sendmail "(add users daemon/mailnull to the majordom group)" ON \
+Postfix "(change group ownership of wrapper to nobody)" OFF \
+2>$tempfile
+
+if [ "$?" = "1" ]
+then
+ echo "Cancel pressed. You will need to make wrapper executable yourself."
+fi
+
+choice=`cat $tempfile`
+rm -f $tempfile
+if [ -z "$choice" ]
+then
+ echo "Empty selection."
+ exit 1
+fi
+
+addmember() {
+# $1: group $2: user
+ if !(pw groupmod $1 -m $2 >/dev/null 2>&1)
+ then
+ echo "Error: Could not add user $2 to group $1."
+ exit 1
+ fi
+}
+
+changegroup() {
+# $1: group
+ mywrapper=$prefix/wrapper
+ if !(chgrp $1 $mywrapper >/dev/null 2>&1)
+ then
+ echo "Error: Could not change group ownership of"
+ echo "$mywrapper"
+ echo "to group $1."
+ exit 1
+ fi
+}
+
+case $choice in
+'Sendmail')
+ addmember majordom daemon
+ if (pw usershow mailnull >/dev/null 2>&1)
+ then
+ addmember majordom mailnull
+ fi
+ ;;
+'Postfix')
+ changegroup nobody
+ ;;
+'None')
+ echo "Fine. I see you want to make wrapper executable yourself."
+ ;;
+*)
+ echo "Unknown MTA specified."
+ ;;
+esac
diff --git a/mail/majordomo/scripts/createuser b/mail/majordomo/scripts/createuser
index ac9675a..f755b0b 100644
--- a/mail/majordomo/scripts/createuser
+++ b/mail/majordomo/scripts/createuser
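Review bot: The Postfix branch hard-codes `changegroup nobody`, while this commit drops the post-install warning that `nobody` is a poor choice when local users can run commands as nobody (Apache/CGI). Anything running with that group can then presumably execute the setuid wrapper. The dialog entry should carry that caveat, or the script should use the group of Postfix's configured `default_privs` user instead of assuming `nobody`. Separately, the Cancel check only prints a message and falls through to `echo "Empty selection."` and `exit 1`; adding `rm -f "$tempfile"; exit 0` after the "Cancel pressed" echo avoids that, and the `'None')` case is unreachable because the radiolist offers only Sendmail and Postfix. The `mktemp` result is never checked and `$tempfile` is used unquoted in the redirect, `cat` and `rm`, so the script should exit when `mktemp` fails and quote `"$tempfile"` throughout.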
@@ -59,11 +59,3 @@ if( $result ) {
 print "Failed to add/modify user majordom!\n";
 exit 1;
 }
-
-## Add daemon to majordom group, to allow sendmail to call wrapper
-## via direct pipes in /etc/mail/aliases
-$result = system( "pw groupmod majordom -m daemon" );
-if( $result ) {
- print "Failed to add/modify user majordom!\n";
- exit 1;
-} |