[ITP] postfix 2.11.3

Christian Franke Christian.Franke@t-online.de
Mon Nov 17 13:00:00 GMT 2014


Hi Corinna,

Corinna Vinschen wrote:
> Hi Christian,
>
> On Nov 13 23:48, Christian Franke wrote:
>> I would like to contribute the Postfix Mail Transfer Agent.
>>
>> http://www.postfix.org/
>>
>> Download:
>> wget -e robots=off -np -nH --cut-dirs=1 -R'index.html*' -r \
>>    http://chrfranke.no-ip.org/cygwin/x86/release/postfix \
>>    http://chrfranke.no-ip.org/cygwin/x86_64/release/postfix
>>
>> Important: It requires cygwin 1.7.33-1 (or a recent 1.7.33-0.X test
>> release). It does not work with 1.7.32-1.
>>
>> For a first test try 'postfix-config --dryrun'. See the /etc/postfix/main.cf
>> sample for some more info.
> Packaging looks basically ok, but I see a few problems in
> postfix-config:
>
> - The script uses passwd -R without asking the admin.  I'm not so sure
>    that's feasible.  The admin should have a say in the matter.

I agree and will add a csih_request there.


>    Also, is
>    passwd -R really required?  This is typically not necessary, unless you
>    potentially have to do stuff with native Windows tools (cron, sshd
>    session).  Postfix doesn't seem to be a candidate for that.

For example the postsuper admin tool always drops root permissions by
setuid/gid() to $mail_owner ('postfix') before doing anything interesting.
(postfix never uses chown(), BTW).

Could this really be done without passwd -R or cyglsa ?


>
> - The script still accesses /etc/group and /etc/passwd, but it should
>    not.  For reading there's getent available for quite some time now.
>    Creating accounts in /etc/passwd and /etc/group should depend on the
>    Cygwin version.

/etc/passwd is not accessed.

Yes, the first group 0 check should be replaced by getent, yes.

The other /etc/group modifications were only added because csih lacks a
csih_create_local_group function.


>    I prepared a matching function for testing this in
>    csih, which looks like this:
>
> # Routine: csih_use_file_etc passwd|group
> #   Check if /etc/passwd or /etc/group file is in use.
> #   On Cygwin versions < 1.7.33, files are always used.
> #   On Cygwin versions >= 1.7.33 it depends on /etc/nsswitch.conf.
> ...
> csih_use_file_etc()
> {
> ...
> } # === End of csih_use_file_etc() === #
> readonly -f csih_use_file_etc
>
>    Maybe you could just copy the method for now until I get my lazy
>    back to finish the work on csih?

OK.

If csih_use_file_etc returns false, all the script could do for now is
to refuse the creation of local users or groups.

The (files-only|non-domain|domain) complexity should be handled in csih,
IMO:

Something like:

   user=$(postconf -h mail_owner)

   # sets csih_cyg_user, csih_win_user, csih_user_exists
   csih_check_local_user_name "$user" || return 1

   if [ "$csih_cyg_user" != "$user" ]; then
     # In domain and $user has no prefix yet
     csih_inform ".... Some explanation ...."
     csih_request "Change mailowner from $user to $csih_cyg_user?" ||
       return 1
     postconf -e "mail_owner=$csih_cyg_user"
   fi

   # Nothing to create if the account is already there
   [ -n "$csih_user_exists" ] && return 0

   if [ "$csih_win_user" = "$csih_cyg_user" ]; then
     csih_request "Create user $csih_cyg_user" || return 1
   else
     # Question mark belongs inside the quotes, otherwise it is a glob character
     csih_request "Create Windows user $csih_win_user for Cygwin user $csih_cyg_user?" ||
       return 1
   fi
   csih_create_unprivileged_user


>
> - I don't understand this one in create_postfix_accounts:
>
>      if /usr/bin/find / -maxdepth 0 -group "$setgid_group" >/dev/null 2>&1; then
>        [...]
>
>    What are you looking for in /?

Nothing :-) This fairly portable trick to check for group existence was
inherited from an older script. Should be replaced by getent, of course.

Thanks,
Christian
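
Added example, not part of the original message and not csih code: a sketch of the decision discussed above, where group existence is checked with getent and local creation is refused when /etc/group is not consulted. The function names, their arguments and the assumption that an unconfigured nsswitch.conf entry means Cygwin's default "files db" are this example's own.

```sh
#!/bin/sh
# Added example. All function names here are hypothetical, not csih API.

# version_ge A B: true if dotted version A >= B; suffixes like "-1" are ignored.
version_ge() {
  awk -v a="${1%%[!0-9.]*}" -v b="${2%%[!0-9.]*}" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0 }'
}

# uses_etc_file passwd|group CYGWIN_VERSION [NSSWITCH_CONF]
#   0: /etc/<db> is consulted, 1: it is not, 2: bad argument.
uses_etc_file() {
  uef_db=$1 uef_ver=$2 uef_conf=${3:-/etc/nsswitch.conf}
  case $uef_db in passwd|group) ;; *) return 2 ;; esac
  version_ge "$uef_ver" 1.7.33 || return 0   # before 1.7.33: files always used
  [ -f "$uef_conf" ] || return 0             # assumed default: "files db"
  # Strip comments, then keep what follows "<db>:".
  uef_src=$(sed -n "s/#.*//; s/^[[:space:]]*$uef_db:[[:space:]]*//p" "$uef_conf")
  [ -n "$uef_src" ] || return 0              # no entry: assumed default again
  for uef_s in $uef_src; do
    [ "$uef_s" = files ] && return 0
  done
  return 1
}

# group_exists NAME: ask the name service instead of reading /etc/group.
group_exists() { getent group "$1" >/dev/null 2>&1; }

# plan_group NAME CYGWIN_VERSION [NSSWITCH_CONF]
#   Prints "exists", "create-in-file" or "refuse".
plan_group() {
  if group_exists "$1"; then
    echo exists
  elif uses_etc_file group "$2" "$3"; then
    echo create-in-file
  else
    echo refuse   # /etc/group is ignored, so editing it would have no effect
  fi
}
```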




