Initialization Script - Fetchmail [Resolved]
James Wilkinson
james at westexe.demon.co.uk
Thu Mar 17 23:22:36 UTC 2005
I suggested:
> daemon fetchmail -d 500 --fetchmailrc /etc/fetchmailrc
which Matt Florido used:
> start() {
> echo -n $"Starting Fetchmail: "
> /usr/bin/fetchmail -d 180 -f /etc/fetchmailrc
> touch "$lockfile" && success || failure
> RETVAL=$?
> echo
I'm not sure whether I need to say this (I'd be interested in your
opinions on that), but:
A fetchmailrc, whether you leave it in /root or put it in /etc, has
e-mail passwords in it. You may not want everyone on the system to be
able to learn them. That includes "users" like apache (which is
*supposed* to read files off your hard disk and send them to the
network. It's possible that a sufficiently clever crack might make
apache try to read /etc/fetchmailrc).
So a fetchmailrc should be chmod 600 and owned by whichever user is
running fetchmail. [1]
James.
[1] Again, there are security benefits to *not* having root running
fetchmail, and one of these days I'll get round to creating a non-root
user to run fetchmail.
--
E-mail address: james | IT'S BECAUSE OF THE UNCERTAINTY PRINCIPLE.
@westexe.demon.co.uk | 'What's that?'
| I'M NOT SURE.
| -- "The Fifth Elephant", Terry Pratchett
More information about the fedora-list
mailing list