Hi.

On Sun, Feb 23, 2020 at 05:31:21PM +0100, l0f...@tuta.io wrote:
> What is the best practice please to allow a program to write its logs into my
> home folder?

Normally I follow the "give the asking one whatever's asked" rule, but here I
just have to ask - what exactly have you achieved here, in your opinion?

> But I could have done it differently:
> 1) via ACL: setfacl -m u:msmtp:rw /home/l0f4r0/.msmtp.log [OR] setfacl -m
> g:msmtp:rw /home/l0f4r0/.msmtp.log

Clever, but not every filesystem supports ACLs. And you would have created a
problem with your own hands if you're doing backups (depends on the type of
backup, of course).

> 2) via group management: sudo adduser msmtp l0f4r0

Bad idea. They keep that user (and others like him) devoid of typical
interactive users' groups to limit possible damage to users' files in case
a Remote Code Execution in a daemon is discovered and exploited.
You *could* counter that with AppArmor, but that's akin to drilling a
large hole in a wall and applying a painted sheet of plastic upon it.

> Is there a good practice out there? Maybe one I haven't listed?

A conventional way is simple - do not deviate from distribution defaults (in
this case - logging to a package-assigned file). In this case such an approach
solves numerous issues with log rotating, log gathering, log analyzing etc.

Of course, there are cases of legitimate needs to deviate from distribution
defaults. I'd like to hear yours.

> _NB_: by the way, does anybody have a tip to know what user account is
> used during a specific command please? For example when using
> echo -e "Subject: mySubject\nThis is myBody" | msmtp my_email_address

Something like this should do it:

cat << EOF | msmtp my_email_address
From: myFrom <fakeu...@fakedomain.tld>
Subject: mySubject

This is myBody
EOF

It won't fool an MTA, of course (you won't override Envelope-From *that*
easily), but it will show up nicely in your e-mail client.
If you need to do it for real - consider using "mail" from the "bsd-mailx"
package.

> how can I know for sure which service/technical account is used for
> writing msmtp logs?

Try executing "ps -ef | grep msmtp". Reco
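
An added illustration of the group-membership concern raised in the reply above (not part of the original message): a POSIX shell audit that lists what a service account such as msmtp could read or modify once it is a member of a user's group. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: measure what "adduser msmtp <usergroup>" would expose.
# Only mode bits and group ownership are examined; ACLs and MAC policy
# (AppArmor etc.) are not taken into account.

# List every path under DIR that belongs to GROUP and grants the group
# read or write access. GROUP may be a group name or a numeric gid.
group_exposure() {
    # -perm -040 : group read bit set;  -perm -020 : group write bit set
    find "$1" -xdev -group "$2" \( -perm -040 -o -perm -020 \) -print 2>/dev/null
}

# Count the paths the group could modify (group write bit set), i.e. the
# files a compromised daemon in that group could tamper with.
group_writable_count() {
    find "$1" -xdev -group "$2" -perm -020 -print 2>/dev/null | wc -l | tr -d ' '
}

# Stand-alone use: ./audit.sh /home/l0f4r0 l0f4r0
if [ "$#" -eq 2 ]; then
    echo "Readable or writable by group $2 under $1:"
    group_exposure "$1" "$2"
    echo "Group-writable paths: $(group_writable_count "$1" "$2")"
fi
```

Running it against the home directory before changing any group membership shows how much more than the single log file the daemon would gain.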