-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The second suggestion seemed very attractive, until I got lost on how to do that after some effort, given that udev is involved, and that dmix is being used, and documentation for alsa seems to be nonexistent. On top of that, I found that if I change defaults.pcm.ipc_gid audio to say defaults.pcm.ipc_gid greg , or any other group for that matter in /usr/share/alsa/alsa.conf, the devices are still in the audio group, even after a reboot. I was considering looking at the maildrop source this morning, and seeing if I could implement suggestion #1, and submit a patch to the author, but since at this point I'm looking for the easiest suggestion to implement with the least security compromise, if any, I'll try your suggestion before resorting to playing with the maildrop source. It isn't perfect as you said, but the worst that can happen is that somebody exploits a future security whole in aplay, and gets access as greg on the system. That's still not good, but it's better than exploiting aplay, and getting root access as the prize. After doing some web searching, I must say I'm surprised that nobody has pointed out this limitation before. After all, wanting to play certain sounds depending on who mail comes from isn't that unheard of. Thanks again. Greg On Wed, Oct 10, 2007 at 03:27:09AM -0400, Frank Carmickle wrote: > Hi Greg > > After beeting on this for three hours I have a solution but I don't like it to much. It's better then suid though. Use sudo +with a line like this in your sudoers file > > greg ALL= (greg) NOPASSWD:/usr/bin/aplay > > then drop in your .mailfilter file > `sudo -u greg aplay somefile` > > Like I said I don't like it that much but it does work and it doesn't allow anyone else to use aplay who isn't you. It also +runs aplay as you. > > HTH > --Frank > - -- web site: http://www.romuald.net.eu.org gpg public key: http://www.romuald.net.eu.org/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) - -- Free domains: http://www.eu.org/ or mail dns-manager at EU.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHDRyy7s9z/XlyUyARAv4IAJ98AGdpByrns5hZuHF42mzPbdgQzwCgkzlV +pKXvqp+e27NpdBww+XeCQM= =98sY -----END PGP SIGNATURE-----
