search

aio-libs / aiosmtpd

A reimplementation of the Python stdlib smtpd.py based on asyncio.
https://aiosmtpd.aio-libs.org
Apache License 2.0
313 stars 95 forks source link

Allow setting the user which we drop permissions to using suid. #370

Open alexmv opened 1 year ago

alexmv commented 1 year ago

What do these changes do?

We may want a different user than nobody when dropping permissions -- for example, if we intend to connect to a PostgreSQL database which does ident authentication.

Are there changes in behavior for the user?

No behaviour change.

Checklist

codecov[bot] commented 1 year ago

Codecov Report

Merging #370 (bedda90) into master (83168cd) will not change coverage. The diff coverage is 100.00%.

:exclamation: Current head bedda90 differs from pull request most recent head 9182c42. Consider uploading reports for the commit 9182c42 to get more accurate results

@@            Coverage Diff            @@
##            master      #370   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            7         7           
  Lines         1706      1707    +1     
  Branches       310       310           
=========================================
+ Hits          1706      1707    +1
Impacted Files Coverage Δ
aiosmtpd/main.py 100.00% <100.00%> (ø)

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

alexmv commented 1 year ago

Thanks for the review! I've repushed with your documentation change.

I do have a slight concern that there might be a better way to have the other connections made and then drop privileges to nobody... but I don't think that's necessarily a blocker here.

I don't think there is -- neither root nor nobody can auth, so both making the connections before or after calling suid(nobody) isn't feasible.

alexmv commented 1 year ago

Gentle nudge on this -- anything I can do to help move this forward?