[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions of /var/spool/mail

On Mon, Nov 23, 1998 at 02:45:59PM +0100, Rainer Dorsch wrote:
> A collegue of mine found out that the /var/spool/mail permission on a Debian 
> system are non-standard:
> drwxrwsr-t   2 root     mail         1024 Nov 23 14:23 mail 
> (as compared e.g. to a SUN
> drwxrwxrwt   3 root     mail        5632 Nov 23 14:44 mail
> )

First off, Sun does noy create standards (not saying that this is always
the case, but they aren't then end all standard). The Solaris/SunOS
solution you show is not always good in that any one can create files in
the spool directory, since it is treated just as any other temp directory.
Where as the debian permissions only allow group mail or user root to
create files, while the owner of the files (ie. the owner being the user
who owns that mail file) can still modify their own mail spool.

It is better, IMHO. Even if it was a standard, I still convert all of my
solaris boxes to a similar format. World writable mail spools even with
+t are an exploit waiting to happen from poorly written software used by
unsuspecting admins.

-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation

Reply to: