Add wrapper permissions dialog(1) to make it easier for users to have
their majordomo wrapper program executed from their MDA. Remove old
instructions for how this could be done manually. This also fixes the
new majordomo/mailnull issue.

Correct typo in post-install-notes (spotted by Dan Pelleg).

PR: 30170
parent 2da0affcd4
commit 7ee4337606
Notes (svn2git, 2021-03-31 03:12:20 +00:00):
svn path=/head/; revision=54331
@ -13,7 +13,7 @@ MASTER_SITES= ftp://ftp.greatcircle.com/pub/majordomo/1.94.5/ \
|
||||
ftp://ftp.sgi.com/other/majordomo/1.94.5/
|
||||
EXTRACT_SUFX= .tgz
|
||||
|
||||
MAINTAINER= anders@fix.no
|
||||
MAINTAINER= anders@FreeBSD.org
|
||||
|
||||
.if defined(WITH_SHA1_COOKIES)
|
||||
RUN_DEPENDS= ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
|
||||
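Review bot: The MAINTAINER address change from anders@fix.no to anders@FreeBSD.org is unrelated to the wrapper permissions work and is not mentioned in the commit message. Either note it in the log or commit it separately, so the history of the maintainer field stays easy to follow.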
@ -93,6 +93,7 @@ post-install:
|
||||
@ ${CHMOD} 755 ${PREFIX}/majordomo/lists/test-l-digest.archive
|
||||
@ ${CHMOD} 660 ${PREFIX}/majordomo/lists/*.passwd
|
||||
.if !defined(BATCH)
|
||||
@ ${SH} ${SCRIPTDIR}/adaptwrapper ${PREFIX}
|
||||
@ /usr/bin/more -e ${FILESDIR}/post-install-notes
|
||||
.endif
|
||||
|
||||
|
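Review bot: The new adaptwrapper line sits before the `more -e` line that displays post-install-notes, and a non-zero exit status from a make command stops the target. adaptwrapper exits 1 on an empty selection and on any pw or chgrp failure, so in those cases the notes are never shown. Consider displaying the notes first, or adding the `-` prefix to the adaptwrapper line so its exit status is ignored.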
@ -26,23 +26,11 @@ manually:
|
||||
|
||||
or a line similar to the following to your m4 macros file :
|
||||
|
||||
define(`ALIAS_FILE',/etc/aliases,/usr/local/majordomo/aliases.majordomo')
|
||||
define(`ALIAS_FILE',`/etc/aliases,/usr/local/majordomo/aliases.majordomo')
|
||||
|
||||
- consider using ports/mail/tlb to process your deliveries if you
|
||||
want to hide your outgoing aliases. This way you can prevent people
|
||||
from evading restrictions for posting to your lists.
|
||||
|
||||
- the user executing the commands of your local aliases must be added
|
||||
to your majordom group to be able to execute the setuid wrapper
|
||||
script. Sendmail does this as daemon by default, which is already
|
||||
added. The postfix port uses nobody by default, which should be
|
||||
changed to another user if your users can execute commands as user
|
||||
nobody (Apache/CGI comes to mind). Postfix does not do initgroups()
|
||||
properly, so you need to chgrp the wrapper script to the group of
|
||||
the default_privs user (this may apply for other MTAs as well) for
|
||||
it to work. It is important that you do this and not just make
|
||||
wrapper executable for all; you are increasing the chances of it
|
||||
getting exploited if you do.
|
||||
|
||||
Enjoy Majordomo!
|
||||
|
||||
|
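Review bot: The deleted paragraph was the only place that explained why wrapper must not be made executable for all, and that the Postfix default user nobody should be changed when local users can run commands as nobody (Apache/CGI). The new adaptwrapper script changes the wrapper's group to nobody for Postfix without carrying that caveat, so the reasoning is lost exactly where the action is now automated. Keep a short version of the warning in these notes and point to scripts/adaptwrapper for the mechanics.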
68
mail/majordomo/scripts/adaptwrapper
Normal file
@ -0,0 +1,68 @@
|
||||
#! /bin/sh
|
||||
# anders@FreeBSD.org, 2002-02-08
|
||||
|
||||
if [ -z "$1" ]
|
||||
then
|
||||
prefix=/usr/local/majordomo
|
||||
else
|
||||
prefix=$1/majordomo
|
||||
fi
|
||||
tempfile=`/usr/bin/mktemp -t radiolist`
|
||||
|
||||
/usr/bin/dialog --title "Making the majordomo wrapper run" --clear --radiolist "We need to make the majordomo wrapper program executable by your Mail\nDelivery Agent, but do not want it executable for all users due\nto security reasons.\n\n(This script can be re-executed from\n/usr/ports/mail/majordomo/scripts/adaptwrapper.)\n\nAdapt to the MDA of:" -1 -1 5 \
|
||||
Sendmail "(add users daemon/mailnull to the majordom group)" ON \
|
||||
Postfix "(change group ownership of wrapper to nobody)" OFF \
|
||||
2>$tempfile
|
||||
|
||||
if [ "$?" = "1" ]
|
||||
then
|
||||
echo "Cancel pressed. You will need to make wrapper executable yourself."
|
||||
fi
|
||||
|
||||
choice=`cat $tempfile`
|
||||
rm -f $tempfile
|
||||
if [ -z "$choice" ]
|
||||
then
|
||||
echo "Empty selection."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
addmember() {
|
||||
# $1: group $2: user
|
||||
if !(pw groupmod $1 -m $2 >/dev/null 2>&1)
|
||||
then
|
||||
echo "Error: Could not add user $2 to group $1."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
changegroup() {
|
||||
# $1: group
|
||||
mywrapper=$prefix/wrapper
|
||||
if !(chgrp $1 $mywrapper >/dev/null 2>&1)
|
||||
then
|
||||
echo "Error: Could not change group ownership of"
|
||||
echo "$mywrapper"
|
||||
echo "to group $1."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
case $choice in
|
||||
'Sendmail')
|
||||
addmember majordom daemon
|
||||
if (pw usershow mailnull >/dev/null 2>&1)
|
||||
then
|
||||
addmember majordom mailnull
|
||||
fi
|
||||
;;
|
||||
'Postfix')
|
||||
changegroup nobody
|
||||
;;
|
||||
'None')
|
||||
echo "Fine. I see you want to make wrapper executable yourself."
|
||||
;;
|
||||
*)
|
||||
echo "Unknown MTA specified."
|
||||
;;
|
||||
esac
|
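Review bot: The Cancel branch (`if [ "$?" = "1" ]`) prints its message but does not exit, so the script goes on to read the empty temp file, prints "Empty selection." and exits 1; any other non-zero status from dialog is not checked at all. Suggest saving the status once, removing the temp file, and exiting 0 right after the Cancel message. The 'None' arm of the case can never match, because the radiolist offers only Sendmail and Postfix; either add a None item or drop the arm. $tempfile, $prefix and the function arguments should also be quoted, since $1 comes from the caller's PREFIX.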
@ -59,11 +59,3 @@ if( $result ) {
|
||||
print "Failed to add/modify user majordom!\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
## Add daemon to majordom group, to allow sendmail to call wrapper
|
||||
## via direct pipes in /etc/mail/aliases
|
||||
$result = system( "pw groupmod majordom -m daemon" );
|
||||
if( $result ) {
|
||||
print "Failed to add/modify user majordom!\n";
|
||||
exit 1;
|
||||
}
|
||||
|
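Review bot: This removes the only step that added daemon to the majordom group unconditionally, while its replacement, adaptwrapper, is invoked from post-install only inside `.if !defined(BATCH)`. An unattended install therefore ends with no MDA user able to execute wrapper and no message saying so. Keep a non-interactive default (for example the Sendmail case), or print a pointer to scripts/adaptwrapper when the dialog is skipped.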