Dirk the Daring dirk at psicorps.org
Mon Feb 14 13:05:29 EST 2005

   I'm installing MD v2.51 on Solaris v8, with Perl v5.8.5 and sendmail
v8.12.11. I have created a user account for mimedefang to run as, and
also an associated group. The group is the mimedefang user account
primary group. I've also added it as a secondary group for the non-root
administration user account.

   I've installed MD to /opt/mimedefang

   Is it unwise to have the group ownership of that directory and its
sub-directory structures (including bin/, man/ and etc/) be the
mimedefang group? Is it unwise to have that mimedefang group have write
permissions to, say, the config file in etc/ ?

   Does the group under which mimedefang runs matter? Or only the UID?

   The mimedefang-related directories under /var/spool are owned by the
mimedefang user, but I wanted to add the associated group so the admin
user account can look in the spool and quarantine directories. Any
issues with that?

   Basically, I'm trying to minimize the things I have to do as root.
This specific machine does not host user shell accounts. It is primarily
a mail relay, and it's been thru extensive hardening. Practically everything
that can be turned off or locked out has been done. Just need a
sanity check here.


