Re: Initialization Script - Fetchmail [Resolved]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I suggested:
> daemon fetchmail -d 500 --fetchmailrc /etc/fetchmailrc

which Matt Florido used:
> start() {
>     echo -n $"Starting Fetchmail: "
>     /usr/bin/fetchmail -d 180 -f /etc/fetchmailrc
>     touch "$lockfile" && success || failure
>     RETVAL=$?
>     echo

I'm not sure whether I need to say this (I'd be interested in your
opinions on that), but:

A fetchmailrc, whether you leave it in /root or put it in /etc, has
e-mail passwords in it. You may not want everyone on the system to be
able to learn them. That includes "users" like apache (which is
*supposed* to read files off your hard disk and send them to the
network. It's possible that a sufficiently clever crack might make
apache try to read /etc/fetchmailrc).

So a fetchmailrc should be chmod 600 and owned by whichever user is
running fetchmail. [1]

James.

[1] Again, there are security benefits to *not* having root running
fetchmail, and one of these days I'll get round to creating a non-root
user to run fetchmail.

-- 
E-mail address: james | IT'S BECAUSE OF THE UNCERTAINTY PRINCIPLE.
@westexe.demon.co.uk  | 'What's that?'
                      | I'M NOT SURE.
                      |     -- "The Fifth Elephant", Terry Pratchett


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux