authoranders <anders@FreeBSD.org>2002-02-08 01:56:26 +0000
committeranders <anders@FreeBSD.org>2002-02-08 01:56:26 +0000
commita62112efe80dc881ba31addff549f5b9b56e2887 (patch)
tree4f578de1f51a176222cd539edb5bb9c5eb44367a
parent2a68636168a8a982ff824017952d803a5a74e3fb (diff)
Add wrapper permissions dialog(1) to make it easier for users to have
their majordomo wrapper program executed from their MDA. Remove old instructions for how this could be done manually. This also fixes the new majordomo/mailnull issue. Correct typo in post-install-notes (spotted by Dan Pelleg). PR: 30170
-rw-r--r--mail/majordomo/Makefile3
-rw-r--r--mail/majordomo/files/post-install-notes14
-rw-r--r--mail/majordomo/scripts/adaptwrapper68
-rw-r--r--mail/majordomo/scripts/createuser8
4 files changed, 71 insertions, 22 deletions
diff --git a/mail/majordomo/Makefile b/mail/majordomo/Makefile
index d3a7913..fece3f3 100644
--- a/mail/majordomo/Makefile
+++ b/mail/majordomo/Makefile
@@ -13,7 +13,7 @@ MASTER_SITES= ftp://ftp.greatcircle.com/pub/majordomo/1.94.5/ \
ftp://ftp.sgi.com/other/majordomo/1.94.5/
EXTRACT_SUFX= .tgz
-MAINTAINER= anders@fix.no
+MAINTAINER= anders@FreeBSD.org
.if defined(WITH_SHA1_COOKIES)
RUN_DEPENDS= ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
@@ -93,6 +93,7 @@ post-install:
@ ${CHMOD} 755 ${PREFIX}/majordomo/lists/test-l-digest.archive
@ ${CHMOD} 660 ${PREFIX}/majordomo/lists/*.passwd
.if !defined(BATCH)
+ @ ${SH} ${SCRIPTDIR}/adaptwrapper ${PREFIX}
@ /usr/bin/more -e ${FILESDIR}/post-install-notes
.endif
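Review bot: Because the new call sits inside `.if !defined(BATCH)`, a BATCH install never runs adaptwrapper, and this same commit removes the `pw groupmod majordom -m daemon` step from scripts/createuser, so unattended installs appear to end up with no MDA user able to execute the wrapper. Consider a non-interactive default for BATCH, or at least a comment above the line such as `# BATCH installs skip this; run scripts/adaptwrapper by hand afterwards`. adaptwrapper also exits 1 on cancel or empty selection, which would likely abort post-install at this line before the notes are shown; if that is not intended, the script should return 0 on those paths. The post-install target begins outside this hunk.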
diff --git a/mail/majordomo/files/post-install-notes b/mail/majordomo/files/post-install-notes
index 286a06a..4729dc9 100644
--- a/mail/majordomo/files/post-install-notes
+++ b/mail/majordomo/files/post-install-notes
@@ -26,23 +26,11 @@ manually:
or a line similar to the following to your m4 macros file :
- define(`ALIAS_FILE',/etc/aliases,/usr/local/majordomo/aliases.majordomo')
+ define(`ALIAS_FILE',`/etc/aliases,/usr/local/majordomo/aliases.majordomo')
- consider using ports/mail/tlb to process your deliveries if you
want to hide your outgoing aliases. This way you can prevent people
from evading restrictions for posting to your lists.
- - the user executing the commands of your local aliases must be added
- to your majordom group to be able to execute the setuid wrapper
- script. Sendmail does this as daemon by default, which is already
- added. The postfix port uses nobody by default, which should be
- changed to another user if your users can execute commands as user
- nobody (Apache/CGI comes to mind). Postfix does not do initgroups()
- properly, so you need to chgrp the wrapper script to the group of
- the default_privs user (this may apply for other MTAs as well) for
- it to work. It is important that you do this and not just make
- wrapper executable for all; you are increasing the chances of it
- getting exploited if you do.
-
Enjoy Majordomo!
diff --git a/mail/majordomo/scripts/adaptwrapper b/mail/majordomo/scripts/adaptwrapper
new file mode 100644
index 0000000..1c4d4fd
--- /dev/null
+++ b/mail/majordomo/scripts/adaptwrapper
@@ -0,0 +1,68 @@
+#! /bin/sh
+# anders@FreeBSD.org, 2002-02-08
+
+if [ -z "$1" ]
+then
+ prefix=/usr/local/majordomo
+else
+ prefix=$1/majordomo
+fi
+tempfile=`/usr/bin/mktemp -t radiolist`
+
+/usr/bin/dialog --title "Making the majordomo wrapper run" --clear --radiolist "We need to make the majordomo wrapper program executable by your Mail\nDelivery Agent, but do not want it executable for all users due\nto security reasons.\n\n(This script can be re-executed from\n/usr/ports/mail/majordomo/scripts/adaptwrapper.)\n\nAdapt to the MDA of:" -1 -1 5 \
+Sendmail "(add users daemon/mailnull to the majordom group)" ON \
+Postfix "(change group ownership of wrapper to nobody)" OFF \
+2>$tempfile
+
+if [ "$?" = "1" ]
+then
+ echo "Cancel pressed. You will need to make wrapper executable yourself."
+fi
+
+choice=`cat $tempfile`
+rm -f $tempfile
+if [ -z "$choice" ]
+then
+ echo "Empty selection."
+ exit 1
+fi
+
+addmember() {
+# $1: group $2: user
+ if !(pw groupmod $1 -m $2 >/dev/null 2>&1)
+ then
+ echo "Error: Could not add user $2 to group $1."
+ exit 1
+ fi
+}
+
+changegroup() {
+# $1: group
+ mywrapper=$prefix/wrapper
+ if !(chgrp $1 $mywrapper >/dev/null 2>&1)
+ then
+ echo "Error: Could not change group ownership of"
+ echo "$mywrapper"
+ echo "to group $1."
+ exit 1
+ fi
+}
+
+case $choice in
+'Sendmail')
+ addmember majordom daemon
+ if (pw usershow mailnull >/dev/null 2>&1)
+ then
+ addmember majordom mailnull
+ fi
+ ;;
+'Postfix')
+ changegroup nobody
+ ;;
+'None')
+ echo "Fine. I see you want to make wrapper executable yourself."
+ ;;
+*)
+ echo "Unknown MTA specified."
+ ;;
+esac
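Review bot: The Postfix branch hard-codes `changegroup nobody`, which makes the setuid wrapper executable by every process running with group nobody; the notes removed in this same commit warned about exactly that when users can run commands as nobody (Apache/CGI) and recommended a different default_privs user. The script should take the group from the configured default_privs user and decline to act when that user is still nobody, roughly as sketched below (this assumes postconf is on root's PATH at install time). Separately, the cancel branch prints its message and then reaches `exit 1` through the empty-selection check, and the `'None'` case is unreachable because the radiolist offers no such item. `$tempfile`, `$1` and `$mywrapper` are expanded unquoted and the result of mktemp is not checked before `2>$tempfile`.

```shell
'Postfix')
	# sketch: follow Postfix's own default_privs rather than assuming nobody
	mdauser=`postconf -h default_privs 2>/dev/null`
	if [ -z "$mdauser" ] || [ "$mdauser" = "nobody" ]
	then
		echo "default_privs is unset or nobody; set a dedicated user in"
		echo "main.cf and re-run this script. Wrapper left unchanged."
	else
		mdagroup=`id -gn "$mdauser"`
		changegroup "$mdagroup"
	fi
	;;
# … unchanged: 'Sendmail', 'None' and default cases …
```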
diff --git a/mail/majordomo/scripts/createuser b/mail/majordomo/scripts/createuser
index ac9675a..f755b0b 100644
--- a/mail/majordomo/scripts/createuser
+++ b/mail/majordomo/scripts/createuser
@@ -59,11 +59,3 @@ if( $result ) {
print "Failed to add/modify user majordom!\n";
exit 1;
}
-
-## Add daemon to majordom group, to allow sendmail to call wrapper
-## via direct pipes in /etc/mail/aliases
-$result = system( "pw groupmod majordom -m daemon" );
-if( $result ) {
- print "Failed to add/modify user majordom!\n";
- exit 1;
-}