On Tue, 2003-07-01 at 03:46, John Haxby wrote: > >Or it is safer (from security point of view) to use: > > > >DontBlameSendmail=forwardfileinunsafedirpath,forwardfileinunsafedirpaths > >afe > > > >as Scott mentioned ?? > > > > > > If sendmail is warning you about a security problem the right thing to > do is fix the problem, not turn off the warning. You don't fix a > tendancy to lock your keys in your house by disabling the lock do you? > Or leave you car unlocked and wire a switch in so that you don't need to > remember your keys. Security warnings are there for a reason, don't > turn them off *unless* you know exactly what you are doing, why you are > doing it and exactly why the security risks can be tolerated. And then > don't do it :-) > > jch > Christos, John is right it is best to fix the problem. But I don't think you can have a non-group writable forward file (I'm not sure cause I don't allow em anyway). I gave the method that allows you to use group writable forward files with sendmail if that is what you have to be using. This is documented in the sendmail documentation. I did not intend to address security. I only repeated what the sendmail docs suggest should you have to allow the use of group writable forward files. John also gave you excellent advice on setting up the user without a home directory specified. I would go a step further and explain that I have a few users who I don't give a shell to. But I do allow them to login only to change their password. To do this I editied /etc/shells and added /usr/bin/passwd as a choice. Now when a user I give that shell to logs in they are given only a chance to change thier passwd and cannot do anything else. Scott
