New feature request
Mike Brudenell
pmb1 at YORK.AC.UK
Fri Nov 7 09:03:59 GMT 2003
Greetings -
--On Thursday, November 6, 2003 6:44 pm +0000 Kevin Spicer
<kevins at BMRB.CO.UK> wrote:
> On Thu, 2003-11-06 at 18:14, Julian Field wrote:
>
> At 17:38 06/11/2003, you wrote:
>
>> I can't see the use of changing the owner or group on the Incoming Work
>> Dir, and it will slow things down quite a bit as I would have to chown
>> every single attachment of every message.
>> If you really want to be able to change this, please tell me!
>
> I really want to be able to set a group other than root in the Incoming
> work directory. I don't care about owner.
>
> Couldn't this just be done by setting the effective group ID to whatever
> was selected in the config rather than having to chown or chgrp each
> file.
I'm afraid I've deleted the earlier messages of this thread but may have a
suggestion if I recall things rightly...
Am I right in thinking that you [Kevin?] are asking about setting the
owning group of files and directories created within the Incoming Work
and/or Quarantine directories?
If so then depending on your operating system and its filestore support
there may be a sneaky way for you to do this efficiently at that level,
rather than from within MailScanner.
Many operating systems permit the set-group-id to be set on directories and
interpret this with special meaning. For example...
* On Solaris if a directory has the set-group-id bit set then any files
or directories created within it are automatically set to be owned by
the same group (but not user) as the owner of that directory. From the
'man chmod' page:
20#0 Set group ID on execution if # is 7, 5, 3, or 1.
Enable mandatory locking if # is 6, 4, 2, or 0.
For directories, files are created with BSD semantics for
propagation of the group ID. With this option, files and
subdirectories created in the directory inherit the group
ID of the directory, rather than of the current process.
It may be cleared only by using symbolic mode.
* On OS X the man page implies (I haven't tested it) the set-user-id bit
can be set on a directory to cause files and subdirectories created
within it to inherit both the owning user and group of its parent. No
mention is made of set-group-id only, but it may work and affect only
the owning group:
4000 (the set-user-ID-on-execution bit) Executable files with
this bit set will run with effective uid set to the uid of
the file owner. Directories with the set-user-id bit set
will force all files and sub-directories created in them to
be owned by the directory owner and not by the uid of the
creating process, if the underlying file system supports
this feature: see chmod(2) and the suiddir option to
mount(8).
2000 (the set-group-ID-on-execution bit) Executable files with
this bit set will run with effective gid set to the gid of
the file owner.
I know from experience that set-group-id on directories does work on
Solaris.
However Defeat may yet be snatched from the jaws of Victory, as I *think*
that although a subdirectory created within a set-group-id parent directory
inherits its owning group it doesn't inherit the set-group-id mode. If
this is indeed the case then any files created within the new subdirectory
won't then inherit its owning group. (But it may be worth your
experimenting to see whether or not this is the case and/or the trick is
sufficient for your needs.)
Cheers,
Mike Brudenell
--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811 FAX:+44-1904-433740
* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
More information about the MailScanner
mailing list