This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [ITP] postfix 2.11.3
- From: "Christian Franke" <Christian dot Franke at t-online dot de>
- To: "cygwin-apps at cygwin dot com" <cygwin-apps at cygwin dot com>
- Date: Mon, 17 Nov 2014 14:00:30 +0100
- Subject: Re: [ITP] postfix 2.11.3
- Authentication-results: sourceware.org; auth=none
- References: <20141117102717 dot GB13807 at calimero dot vinschen dot de>
- Reply-to: "Christian Franke" <Christian dot Franke at t-online dot de>
Hi Corinna,
Corinna Vinschen wrote:
> Hi Christian,
>
> On Nov 13 23:48, Christian Franke wrote:
>> I would like to contribute the Postfix Mail Transfer Agent.
>>
>> http://www.postfix.org/
>>
>> Download:
>> wget -e robots=off -np -nH --cut-dirs=1 -R'index.html*' -r \
>> http://chrfranke.no-ip.org/cygwin/x86/release/postfix \
>> http://chrfranke.no-ip.org/cygwin/x86_64/release/postfix
>>
>> Important: It requires cygwin 1.7.33-1 (or a recent 1.7.33-0.X test
>> release). It does not work with 1.7.32-1.
>>
>> For a first test try 'postfix-config --dryrun'. See the /etc/postfix/main.cf
>> sample for some more info.
> Packaging looks basically ok, but I see a few problems in
> postfix-config:
>
> - The script uses passwd -R without asking the admin. I'm not so sure
> that's feasible. The admin should have a say in the matter.
I agree and will add a csih_request there.
> Also, is
> passwd -R really required? This is typically no necessary, unless you
> potentially have to do stuff with native Windows tools (cron, sshd
> session). Postfix doesn't seem to be a candidate for that.
For example the postsuper admin tool always drops root permissions by
setuid/gid() to $mail_owner ('postfix') before doing anything interesting.
(postfix never uses chown(), BTW).
Could this really be done without passwd -R or cyglsa ?
>
> - The script still accesses /etc/group and /etc/passwd, but it should
> not. For reading there's getent available for quite some time now.
> Creating accounts in /etc/passwd and /etc/group should depend on the
> Cygwin version.
/etc/passwd is not accessed.
Yes, the first group 0 check should be replaced by getent, yes.
The other /etc/group modifications were only added because csih lacks a
csih_create_local_group function.
> I prepared a matching function for testing this in
> csih, which looks like this:
>
> # Routine: csih_use_file_etc passwd|group
> # Check if /etc/passwd or /etc/group file is in use.
> # On Cygwin versions < 1.7.33, files are always used.
> # On Cygwin versions >= 1.7.33 it depends on /etc/nsswitch.conf.
> ...
> csih_use_file_etc()
> {
> ...
> } # === End of csih_use_file_etc() === #
> readonly -f csih_use_file_etc
>
> Maybe you could just copy the method for now until I get my lazy
> back to finish the work on csih?
OK.
If csih_use_file_etc returns false, all the script could do for now is
to refuse the creation of local users or groups.
The (files-only|non-domain|domain) complexity should be handled in csih,
IMO:
Something like:
user=$(postconf -h mail_owner)
# sets csih_cyg_user, csih_win_user, csih_user_exists
csih_check_local_user_name "$user" || return 1
if [ "$csih_cyg_user" != "$user" ]; then
# In domain and $user has no prefix yet
csih_inform ".... Some explanation ...."
csih_request "Change mailowner from $user to $csih_cyg_user?"||
return 1
postconf -e "mail_owner=$csih_cyg_user"
fi
[ $csih_user_exists ] && return 0
if [ "$csih_win_user" = "$csih_cyg_user" ]; then
csih_request "Create user $csih_cyg_user"|| return 1
else
csih_request "Create Windows user $csih_win_user\
for Cygwin user $csih_cyg_user"?|| return 1
fi
csih_create_unprivileged_user
>
> - I don't understand this one in create_postfix_accounts:
>
> if /usr/bin/find / -maxdepth 0 -group "$setgid_group" >/dev/null 2>&1; then
> [...]
>
> What are you looking for in /?
Nothing :-) This fairly portable trick to check for group existence was
inherited from an older script. Should be replaced by getent, of course.
Thanks,
Christian