| View previous topic :: View next topic |
| Author |
Message |
Jarry
n00b
Joined: 12 Jul 2005
Posts: 13
|
 Posted: Tue Aug 30, 2005 9:33 am Post subject: How to prohibit $HOME/.procmailrc ? |
 |
|
I have following problem: in my /etc/procmailrc there is:
DEFAULT=/var/spool/mail/$LOGNAME/
I redirected mail folders from /home to /var because I have different userquota for /var (100MB for mail) and /home (5GB for user files).
The question is: how can I block my users from using their personal $HOME/.procmailrc to overwrite my settings and use $HOME/.maildir as their mail-folder? Can I somehow tell procmail not to use /$HOME/.procmail files? Or at least that $DEFAULT setting? |
|
| Back to top |
|
 |
Spiffster
Tux's lil' helper
Joined: 27 Jun 2004
Posts: 119
Location: Nærum, Denmark
|
| Posted: Tue Aug 30, 2005 10:26 am Post subject: Which MTA? |
|
|
Which MTA are you using? Postfix, Qmail, Sendmail?
Is procmail invoked directly from the MTA, or does the user invoke it through his own .forward-file?
If you don't want users to filter their mail, is there even a reason to use procmail?
_________________
Mikkel Holm Olsen
AKA Spaceman Spiff
http://symlink.dk |
|
| Back to top |
|
|
Jarry
n00b
Joined: 12 Jul 2005
Posts: 13
|
| Posted: Tue Aug 30, 2005 12:25 pm Post subject: Re: Which MTA? |
|
|
| Spiffster wrote: | Which MTA are you using? Postfix, Qmail, Sendmail?
Is procmail invoked directly from the MTA, or does the user invoke it through his own .forward-file?
If you don't want users to filter their mail, is there even a reason to use procmail? |
Procmail is invoked from MTA, and I want to allow users filtering mails, but not to decide, in which folder they get all new mail. As I wrote, userquota for /home is much higher, than for /var. I simply want to keep the size of mailboxes on reasonably low level. But it is of no use, if I specify /var/spool/mail/$LOGNAME in /etc/procmailrc as mailbox, if every user can set it back to $HOME/.maildir in its personal .procmailrc file... |
|
| Back to top |
|
|
Spiffster
Tux's lil' helper
Joined: 27 Jun 2004
Posts: 119
Location: Nærum, Denmark
|
| Posted: Tue Aug 30, 2005 2:39 pm Post subject: why? |
|
|
| Jarry wrote: | | Procmail is invoked from MTA, and I want to allow users filtering mails, but not to decide, in which folder they get all new mail. As I wrote, userquota for /home is much higher, than for /var. I simply want to keep the size of mailboxes on reasonably low level. But it is of no use, if I specify /var/spool/mail/$LOGNAME in /etc/procmailrc as mailbox, if every user can set it back to $HOME/.maildir in its personal .procmailrc file... |
But if the users are allowed to use procmail for filtering, they could just make a rule that matches all mails and delivers in their home-dir, totally bypassing the default mailbox:
| Code: | :0:
/home/spiff/Mailbox |
So just forcing the DEFAULT-mailbox to some value will not change anything. Also with the user having two different quotas and you are trying to enforce a low limit on one of them, the user could always copy their mailboxes to their home-directory.
So, since AFAIK procmail is mainly designed to sort mails into separate mailboxes, I really think that the users can always work arround the quotas.
Even if you configure your MTA to not invoke procmail (and therefore not specifying a different mailbox), the user can still move things from his/her existing mailbox onto his/her homedir. I have a really hard time seeing exactly what it is you are trying to accomplish.
_________________
Mikkel Holm Olsen
AKA Spaceman Spiff
http://symlink.dk |
|
| Back to top |
|
|
nevynxxx
Veteran
Joined: 12 Nov 2003
Posts: 1123
Location: Manchester - UK
|
| Posted: Tue Aug 30, 2005 3:17 pm Post subject: Re: How to prohibit $HOME/.procmailrc ? |
|
|
| Jarry wrote: | | The question is: how can I block my users from using their personal $HOME/.procmailrc to overwrite my settings and use $HOME/.maildir as their mail-folder? Can I somehow tell procmail not to use /$HOME/.procmail files? Or at least that $DEFAULT setting? |
I really have to ask. Why do you care? If they want to waste their user quota with hordes of mail, let them.
Why is it your problem?
_________________
My Public Key
Wanted: Instructor in the art of Bowyery |
|
| Back to top |
|
|
bigfunkymo
Apprentice
Joined: 23 Jan 2004
Posts: 237
|
| Posted: Tue Aug 30, 2005 3:53 pm Post subject: |
|
|
create zero byte files in every home directory owned by root:root and chmod 0
_________________
[No package... Grabbing a set.] |
|
| Back to top |
|
|
nevynxxx
Veteran
Joined: 12 Nov 2003
Posts: 1123
Location: Manchester - UK
|
| Posted: Wed Aug 31, 2005 10:16 am Post subject: |
|
|
| bigfunkymo wrote: | | create zero byte files in every home directory owned by root:root and chmod 0 |
Doesn't work. Either:
1) You create that file as .procmailrc which means they cannot use proclaim to filter, which is not what the OP wants.
or
2) You take a guess at what they would call their mail folder, and create files to stop that, except they can call it anything. So you can't cover every eventuality.
_________________
My Public Key
Wanted: Instructor in the art of Bowyery |
|
| Back to top |
|
|
Spiffster
Tux's lil' helper
Joined: 27 Jun 2004
Posts: 119
Location: Nærum, Denmark
|
| Posted: Wed Aug 31, 2005 12:25 pm Post subject: |
|
|
Also under normal circumstances, a user can delete a file in his home-dir, even though he does not have read or write-permission to the file, as long as he has write-permissions to the directory. This could be prevented by setting the sticky-bit on the directory, but that may not be what you want.
_________________
Mikkel Holm Olsen
AKA Spaceman Spiff
http://symlink.dk |
|
| Back to top |
|
|
|
Networking & Security
