New feature request

Mike Brudenell pmb1 at YORK.AC.UK
Fri Nov 7 09:03:59 GMT 2003


Greetings -

--On Thursday, November 6, 2003 6:44 pm +0000 Kevin Spicer
<kevins at BMRB.CO.UK> wrote:

> On Thu, 2003-11-06 at 18:14, Julian Field wrote:
>
> At 17:38 06/11/2003, you wrote:
>
>> I can't see the use of changing the owner or group on the Incoming Work
>> Dir, and it will slow things down quite a bit as I would have to chown
>> every single attachment of every message.
>> If you really want to be able to change this, please tell me!
>
> I really want to be able to set a group other than root in the Incoming
> work directory.  I don't care about owner.
>
> Couldn't this just be done by setting the effective group ID to whatever
> was selected in the config rather than having to chown or chgrp each
> file.

I'm afraid I've deleted the earlier messages of this thread but may have a
suggestion if I recall things rightly...

Am I right in thinking that you [Kevin?] are asking about setting the
owning group of files and directories created within the Incoming Work
and/or Quarantine directories?

If so then depending on your operating system and its filestore support
there may be a sneaky way for you to do this efficiently at that level,
rather than from within MailScanner.

Many operating systems permit the set-group-id to be set on directories and
interpret this with special meaning.  For example...

 *  On Solaris if a directory has the set-group-id bit set then any files
    or directories created within it are automatically set to be owned by
    the same group (but not user) as the owner of that directory.  From the
    'man chmod' page:

        20#0    Set group ID on execution if # is 7, 5, 3, or 1.

                Enable mandatory locking if # is 6, 4, 2, or 0.

                For directories, files are created with BSD semantics for
                propagation of the group ID.  With this option, files and
                subdirectories created in the directory inherit the group
                ID of the directory, rather than of the current process.
                It may be cleared only by using symbolic mode.

 *  On OS X the man page implies (I haven't tested it) the set-user-id bit
    can be set on a directory to cause files and subdirectories created
    within it to inherit both the owning user and group of its parent.  No
    mention is made of set-group-id only, but it may work and affect only
    the owning group:

        4000    (the set-user-ID-on-execution bit) Executable files with
                this bit set will run with effective uid set to the uid of
                the file owner.  Directories with the set-user-id bit set
                will force all files and sub-directories created in them to
                be owned by the directory owner and not by the uid of the
                creating process, if the underlying file system supports
                this feature: see chmod(2) and the suiddir option to
                mount(8).
        2000    (the set-group-ID-on-execution bit) Executable files with
                this bit set will run with effective gid set to the gid of
                the file owner.

I know from experience that set-group-id on directories does work on
Solaris.

However Defeat may yet be snatched from the jaws of Victory, as I *think*
that although a subdirectory created within a set-group-id parent directory
inherits its owning group it doesn't inherit the set-group-id mode.  If
this is indeed the case then any files created within the new subdirectory
won't then inherit its owning group.  (But it may be worth your
experimenting to see whether or not this is the case and/or the trick is
sufficient for your needs.)

Cheers,

Mike Brudenell

--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *



More information about the MailScanner mailing list