Date: Wed, 15 May 1996 10:50:12 -0700 (PDT)
From: Jim Dennis <jimd@mistery.mcafee.com>
To: mrm@Mole.ORG (M.R.Murphy)
Cc: terry@lambert.org, freebsd-questions@freebsd.org, paul@riker.comcirc.com.au
Subject: Re: Setting up user accounts but with no email access
Message-ID: <199605151750.KAA30078@mistery.mcafee.com>
In-Reply-To: <199605151332.GAA24831@meerkat.mole.org> from "M.R.Murphy" at May 15, 96 06:32:55 am

> > > I am setting up a few user accounts on our WWW server so that users can
> > > FTP to the server to post up their web pages into their relevant
> > > web page directories.
> > >
> > > How can I disable email access for these users. i.e. I don't want them
> > > to have an email account, only an account to FTP files to.
> >
> > The easiest (grossest) way would be to define another name for
> > the machine and *not* put in a Cw entry for it.
> [...]
>
> Add the users to the password file as usual. Then put a different mailer
> program instead of P=/usr/libexec/mail.local for Mlocal in /etc/sendmail.cf.
> Do in your replacement program what you will. That replacement program
> can be a script. Try this first to see how it behaves:
>
> #!/bin/sh
> echo $@ >>/tmp/mail.log
> exec /usr/libexec/mail.local $@
>
> --
> Mike Murphy mrm@Mole.ORG +1 619 598 5874

Yuck! This sounds like a whole bunch of security problems just
waiting to happen. (At least double quote the "$@")!

You might use procmail as your local delivery agent. In your
/etc/passwd file define all of the non-mail users to have the
same $HOME directory (i.e. "/export/home/.nomail/").

In that directory create a file named ".procmailrc" (or a
suitable ".forward"). The procmail recipe in that directory
can bounce all mail with a custom nasty gram.

Advantages of this approach:

    procmail is designed to work as a local delivery agent;
    issues of file locking and a variety of security
    considerations are already built-in. (don't trust your
    shell or PERL code for security -- particularly when
    called via sendmail)

    procmail can be run non-suid and non-sgid (this approach
    doesn't *require* that procmail be installed in sendmail.cf
    as Mlocal).

Disadvantages:

    I'm not sure of the exact requirements on ownership and
    permissions that this would require for the "home" directory
    and the .procmailrc

    I haven't done this -- so I might find some problem during
    implementation that I haven't foreseen here.

Jim Dennis, System Administrator, McAfee Associates
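
The quoting remark in the reply above (double quote the "$@"), as an added example that is not part of the original message: it forwards one constructed argument list both ways and reports how many arguments the delivery agent would receive. The function names, the sample arguments and the scratch files are all made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All names and sample values are constructed.

# Stand-in for the delivery agent: prints how many arguments it was given.
count_args() {
    echo "$#"
}

# Forwards arguments the way the quoted wrapper does (unquoted $@): every
# argument is split again on whitespace, then glob-expanded in the current
# directory, so the agent may see a different argument list than sendmail sent.
forward_unquoted() {
    count_args $@
}

# Forwards with "$@": each argument reaches the agent exactly as received.
forward_quoted() {
    count_args "$@"
}

# Run both forms in a scratch directory holding two files, so the glob has
# something to match. Prints "<quoted count> <unquoted count>".
compare_forwarding() {
    scratch=$(mktemp -d) || return 1
    (
        cd "$scratch" || exit 1
        touch a.log b.log
        echo "$(forward_quoted "$@") $(forward_unquoted "$@")"
    )
    status=$?
    rm -rf "$scratch"
    return "$status"
}

# Constructed argument list: a flag, a value containing a space, and a value
# containing a glob character. Prints "3 5".
compare_forwarding -d 'some user' '*.log'
```

Three arguments go in; the unquoted form hands the agent five, because 'some user' splits in two and '*.log' expands to the two files in the working directory.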