Index: milter-greylist.8
--- milter-greylist.8.orig 2006-08-30 22:50:42 +0200
+++ milter-greylist.8 2006-12-31 09:57:22 +0100
@@ -46,7 +46,7 @@
 [\fB-r\fR]
 [\fB-S\fR]
 [\fB-T\fR]
-[\fB-u \fIusername\fR]
+[\fB-u \fIusername\fR[:\fIgroupname\fR]]
 [\fB-v\fR]
 [\fB-w \fIgreylist_delay\fR]
 [\fB-L \fIcidrmask\fR]
@@ -235,10 +235,12 @@
 .I rcpt
 lines have been deprecated in favor of ACL, so do not use it.
 .TP
-.B -u \fIusername\fR
+.B -u \fIusername\fR[:\fIgroupname\fR]
 Drop root privileges and switch to
 .I username
-credentials. Make sure this user has write access to
+(and optionally
+.IR groupname )
+credentials. Make sure this user (and group) has write access to
 .I greylist.db\fR.
 Equivalent to the
 .I user
@@ -308,6 +310,7 @@
 Alexandre Cherif,
 Eugene Crosser,
 Elrond,
+Ralf S. Engelschall,
 Cyril Guibourg,
 Klas Heggemann,
 Matthieu Herrb,
Index: milter-greylist.c
--- milter-greylist.c.orig 2006-12-29 19:32:44 +0100
+++ milter-greylist.c 2006-12-31 09:58:12 +0100
@@ -1313,6 +1313,11 @@
 */
 if (conf.c_user != NULL) {
 struct passwd *pw = NULL;
+ struct group *gr = NULL;
+ char *c_group = NULL;
+
+ if ((c_group = strchr(conf.c_user, ':')) != NULL)
+ *c_group++ = '\0';
 
 if ((pw = getpwnam(conf.c_user)) == NULL) {
 mg_log(LOG_ERR, "%s: cannot get user %s data: %s",
@@ -1320,6 +1325,15 @@
 exit(EX_OSERR);
 }
 
+ if (c_group != NULL) {
+ if ((gr = getgrnam(c_group)) == NULL) {
+ mg_log(LOG_ERR, "%s: cannot get group %s data: %s",
+ argv[0], c_group, strerror(errno));
+ exit(EX_OSERR);
+ }
+ pw->pw_gid = gr->gr_gid;
+ }
+
 #ifdef HAVE_INITGROUPS
 if (initgroups(conf.c_user, pw->pw_gid) != 0) {
 mg_log(LOG_ERR, "%s: cannot change "
@@ -1370,6 +1384,9 @@
 * Here we go!
 */
 conf_release();
+ umask(S_IWOTH);
+ smfi_opensocket(1);
+ umask(S_IWGRP|S_IWOTH);
 exitval = smfi_main();
 mg_log(LOG_ERR, "smfi_main() returned %d", exitval);
 
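Review bot: In the `@@ -1313` hunk of milter-greylist.c, `*c_group++ = '\0';` splits `conf.c_user` in place, which assumes the string is writable and is never needed again in its `user:group` form; neither assumption is visible here, so a comment such as `/* split "user:group" in place; conf.c_user keeps only the user name */` would help. The man page context appears to say `-u` is equivalent to a `user` configuration setting, so it is worth confirming that a value coming from the configuration file is held in writable memory too. The enclosing block starts before this hunk and continues past it.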
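Review bot: In the `@@ -1320` hunk the `getgrnam()` failure path logs `strerror(errno)`, but getgrnam() leaves errno unchanged when the group simply does not exist, so the message can show a stale or unrelated error; set `errno = 0;` before the call and log "no such group" when it is still zero. The override `pw->pw_gid = gr->gr_gid;` writes into the static record returned by getpwnam(), which holds only while nothing calls another getpw* function before the gid is consumed; a local `gid_t` copy would be sturdier. None of the visible hunks adds `#include <grp.h>` for `struct group`, so confirm the file already includes it. The setgid/setuid calls that consume `pw->pw_gid` are outside the hunk, so their order and error checks could not be reviewed here.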
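Review bot: In the `@@ -1370` hunk the result of `smfi_opensocket(1)` is discarded and the mask is then forced to `S_IWGRP|S_IWOTH` instead of being restored, so a failure to create the socket goes unreported at this point and whatever mask was in effect before is lost for files created later. The temporary `umask(S_IWOTH)` also makes the socket group-writable even when `-u` was given without a group, which opens it to the user's primary group; if that is intended it deserves a comment. Socket-file modes are not enforced on every Unix, so the containing directory should stay restrictive. Saving the old mask and checking the return value is sketched below; the enclosing function starts and ends outside the hunk, and `omask` (a `mode_t`) would need declaring with its other locals.

```c
conf_release();
/* Socket is created group-writable so an MTA in the same group can connect. */
omask = umask(S_IWOTH);
if (smfi_opensocket(1) == MI_FAILURE) {
	mg_log(LOG_ERR, "smfi_opensocket() failed");
	exit(EX_OSERR);
}
(void)umask(omask);	/* restore the previous mask instead of forcing 022 */
/* … unchanged: exitval = smfi_main() and its log line … */
```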
@@ -1396,7 +1413,7 @@
 mg_log(LOG_ERR,
 " [-f configfile] [-h] [-l] [-q] [-r] [-S] [-T]");
 mg_log(LOG_ERR,
- " [-u username] [-v] [-w greylist_delay] [-L cidrmask]");
+ " [-u username[:groupname]] [-v] [-w greylist_delay] [-L cidrmask]");
 mg_log(LOG_ERR,
 " [-M prefixlen] [-P pidfile] -p socket");
 exit(EX_USAGE);