Commit 4f62cfef authored by Paul Cammish's avatar Paul Cammish
Browse files

Adjusted exim permissions

parent f1c9104c
......@@ -103,7 +103,7 @@ Require valid-user" > "${domain}/public/htdocs/stats/.htaccess"
if [ -d ${domain}/config ]; then
find "${domain}/config" \( -type f -o -type d \) \( ! -user sympl -o ! -group sympl \) ! -name 'dkim.key' ! -name 'dkim' ! -path '*ssl/sets*' -exec chown sympl:sympl {} \;
find "${domain}/config" \( -type f -o -type d \) \( ! -user sympl -o ! -group sympl \) ! -path '*ssl/sets*' -exec chown sympl:sympl {} \;
if [ -d "${domain}/config/ssl/sets" ]; then
find "${domain}/config/ssl/sets" \( ! -user sympl -o ! -group ssl-cert \) -exec chown sympl:ssl-cert {} \;
......@@ -111,12 +111,6 @@ Require valid-user" > "${domain}/public/htdocs/stats/.htaccess"
find "${domain}/config" \( -type f -a ! -perm 660 -exec chmod 660 {} \; \) -o \( -type d -a ! -perm 2771 -exec chmod 2771 {} \; \)
# The group doesn't exist if exim/sympl-mail is not installed.
if [ $( grep -c '^Debian-exim:' /etc/group ) == 1 ]; then
find "${domain}/config" -maxdepth 1 -type f \( -name 'dkim' -o -name 'dkim.key' \) \( ! -group Debian-exim -o ! -user sympl \) -exec chown sympl:Debian-exim {} \;
find "${domain}/config" -maxdepth 1 -type f \( -name 'dkim' -o -name 'dkim.key' \) ! -perm 640 -exec chmod 640 {} \;
fi
fi
# Enforce permissions for mailboxes directory
......@@ -124,7 +118,7 @@ Require valid-user" > "${domain}/public/htdocs/stats/.htaccess"
find "${domain}/mailboxes" \( -type f -o -type d \) \( ! -user sympl -o ! -group sympl \) -exec chown sympl:sympl {} \;
find "${domain}/mailboxes" \( -type f -a ! -perm 660 -exec chmod 600 {} \; \) -o \( -type d -a ! -perm 2700 -exec chmod 2700 {} \; \)
find "${domain}/mailboxes" \( -type f -a ! -perm 660 -exec chmod 660 {} \; \) -o \( -type d -a ! -perm 2770 -exec chmod 2770 {} \; \)
fi
......
......@@ -42,6 +42,15 @@ if ! ( groups Debian-exim | grep -q ssl-cert ) ; then
adduser Debian-exim ssl-cert > /dev/null 2>&1
fi
#
# Debian-exim also needs to be part of the sympl group, so it can read the
# files in <domain>/config/.
#
if ! ( groups Debian-exim | grep -q sympl ) ; then
echo "I: Adding Debian-exim user to sympl group"
adduser Debian-exim sympl > /dev/null 2>&1
fi
if ( grep -q '^AllowSupplementaryGroups \+false' /etc/clamav/clamd.conf ) ; then
echo "I: Allowing clamav to operate using its supplementary groups"
#
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment