cleanup_amavisd_db.py and cleanup_db.py could be moved to "iredadmin" user's cron job since they are pure SQL operations, but delete_mailboxes.py must be run as root (or "vmail") user since it requires the privilege to remove files under /var/vmail/vmail1.
REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER:
Hi,
There are several scripts executed by root via cron.
The scripts themselves are owned by normal users:
e.g.
in: opt/www/iredadmin/tools:
are owned by iredadmin
This setting can be used for privilege escalation to root for this user.
Setting the shell to nologin doesn’t mitigate this completely.
Suggestion:
set the file owner for the scripts in root’s crontab to root:root,
remove ability to be written by user/world for them.
Sincerely,
Michael
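An audit for the condition reported above, as an added example that is not part of the original issue or of iRedMail: it reads a root crontab and flags every absolute path in a job whose file, or any parent directory, is not owned by root or is group/world writable. It goes beyond the suggestion in the issue by also checking parent directories, since whoever owns a directory can replace the files in it. The function names, the `crontab -l` input format, the leading slash on the tools path, uid 2001 for "iredadmin", and all sample data are assumptions made for illustration.

```python
import os
import stat
from types import SimpleNamespace

def weak_links(path, stat_fn=os.stat):
    """List (path, reason) for the file and each parent dir a non-root account could modify."""
    found, cur = [], os.path.normpath(path)
    while True:
        try:
            st = stat_fn(cur)
            if st.st_uid != 0:
                found.append((cur, f"owned by uid {st.st_uid}"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                found.append((cur, "group/world writable"))
        except OSError:
            pass  # path is absent on this host, nothing to check
        parent = os.path.dirname(cur)
        if parent == cur:
            return found
        cur = parent

def audit_root_crontab(text, stat_fn=os.stat):
    """Map every absolute path named in `crontab -l` output to its weak links."""
    report = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        n_time = 1 if line.startswith("@") else 5  # "@daily cmd" vs "m h dom mon dow cmd"
        fields = line.split(None, n_time)
        if len(fields) <= n_time:
            continue  # environment assignment or incomplete entry
        for token in (t.strip("'\"") for t in fields[-1].split()):
            if token.startswith("/") and (issues := weak_links(token, stat_fn)):
                report[token] = issues
    return report

# Constructed sample data: uid 2001 stands in for the "iredadmin" account.
SAMPLE_CRONTAB = """MAILTO=root
1 3 * * * python /opt/www/iredadmin/tools/cleanup_db.py >/dev/null
@daily /usr/local/sbin/rotate.sh
"""
SAMPLE_FS = {"/": (0, 0o755), "/opt": (0, 0o755), "/opt/www": (0, 0o755),
             "/opt/www/iredadmin": (2001, 0o755), "/opt/www/iredadmin/tools": (2001, 0o755),
             "/opt/www/iredadmin/tools/cleanup_db.py": (2001, 0o644)}

def make_stat(fs):  # stand-in for os.stat over a {path: (uid, mode)} table
    def fake_stat(path):
        if path not in fs:
            raise FileNotFoundError(path)
        return SimpleNamespace(st_uid=fs[path][0], st_mode=fs[path][1])
    return fake_stat
```

On a live host, pass the output of `crontab -l -u root` as `text` and leave `stat_fn` at its default; an empty report means every path named in the jobs is root-owned and not group/world writable along its whole directory chain.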