From owner-freebsd-questions Wed May 15 10:55:24 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA09084 for questions-outgoing; Wed, 15 May 1996 10:55:24 -0700 (PDT)
Received: from mistery.mcafee.com (jimd@mistery.mcafee.com [192.187.128.69]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id KAA09073 for ; Wed, 15 May 1996 10:55:21 -0700 (PDT)
Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id KAA30078; Wed, 15 May 1996 10:50:13 -0700
From: Jim Dennis
Message-Id: <199605151750.KAA30078@mistery.mcafee.com>
Subject: Re: Setting up user accounts but with no email access
To: mrm@Mole.ORG (M.R.Murphy)
Date: Wed, 15 May 1996 10:50:12 -0700 (PDT)
Cc: terry@lambert.org, freebsd-questions@freebsd.org, paul@riker.comcirc.com.au
In-Reply-To: <199605151332.GAA24831@meerkat.mole.org> from "M.R.Murphy" at May 15, 96 06:32:55 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> > > I am setting up a few user accounts on our WWW server so that users can
> > > FTP to the server to post up their web pages into their relevant
> > > web page directories.
> > >
> > > How can I disable email access for these users. ie. I don't want them
> > > to have an email account, only an account to FTP files to.
> >
> > The easiest (grossest) way would be to define another name for
> > the machine and *not* put in a Cw entry for it.
> [...]
>
> Add the users to the password file as usual. Then put a different mailer
> program instead of P=/usr/libexec/mail.local for Mlocal in /etc/sendmail.cf.
> Do in your replacement program what you will. That replacement program
> can be a script. Try this first to see how it behaves:
>
> #!/bin/sh
> echo $@ >>/tmp/mail.log
> exec /usr/libexec/mail.local $@
>
> --
> Mike Murphy mrm@Mole.ORG +1 619 598 5874

Yuck!
This sounds like a whole bunch of security problems just waiting
to happen. (At least double quote the "$@")!

You might use procmail as your local delivery agent. In your
/etc/passwd file define all of the non-mail users to have the same
$HOME directory (i.e. "/export/home/.nomail/"). In that directory
create a file named ".procmailrc" (or a suitable ".forward").
The procmail recipe in that directory can bounce all mail with a
custom nasty gram.

Advantages of this approach:

    procmail is designed to work as a local delivery agent; issues
    of file locking and a variety of security considerations are
    already built-in. (don't trust your shell or PERL code for
    security -- particularly when called via sendmail)

    procmail can be run non-suid and non-sgid (this approach doesn't
    *require* that procmail be installed in sendmail.cf as Mlocal).

Disadvantages:

    I'm not sure of the exact requirements on ownership and
    permissions that this would require for the "home" directory
    and the .procmailrc

    I haven't done this -- so I might find some problem during
    implementation that I haven't foreseen here.

Jim Dennis, System Administrator, McAfee Associates
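Added example, not part of the original message: the quoting point raised in the reply, shown as /bin/sh functions that compare the wrapper's bare $@ with "$@". count_args is a hypothetical stand-in for /usr/libexec/mail.local, and the argument values and file names are constructed.

```shell
#!/bin/sh
# count_args stands in for the real delivery program (assumption for this
# example) and reports how many arguments actually reached it.
count_args() { echo "$#"; }

# As in the quoted wrapper: bare $@ is re-split on whitespace and each
# resulting word is glob-expanded against the current directory.
pass_unquoted() { count_args $@; }

# With the double quotes asked for in the reply, every argument is
# forwarded exactly as received.
pass_quoted() { count_args "$@"; }

# Logging as in the quoted wrapper: argument boundaries are lost and
# glob characters are expanded before the line is written.
log_unquoted() { echo $@; }

# Quoted logging: one argument per line, written literally.
log_quoted() { printf '%s\n' "$@"; }

demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" && touch a b c || exit 1
        # Constructed arguments: a name containing a space and a bare "*".
        echo "unquoted argc: $(pass_unquoted 'web user' '*')"
        echo "quoted argc:   $(pass_quoted 'web user' '*')"
        echo "unquoted log:  $(log_unquoted 'web user' '*')"
        echo "quoted log:"
        log_quoted 'web user' '*'
    )
    rm -rf "$dir"
}

demo
```

In a directory holding the files a, b and c, the two constructed arguments reach the delivery program as five words when unquoted and as two when quoted.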