On Mon, Apr 09, 2001 at 07:22:02AM -0500, Jaldhar H. Vyas wrote: > > Is it a problem that the spool files are not "rw" for the group? Postfix > > delivers that way. > > > > Then postfix is violating Debian policy. See > http://www.debian.org/doc/debian-policy/ch12.html#s12.6 . > > Actually the specific statement there is kind of ambiguous. > > "Mailboxes are generally 660 user.mail unless the user has chosen > ^^^^^^^^^^^^^^^^^^^^^^^^^^ > otherwise." > ^^^^^^^^^^ > > Does that mean I have to support any kind of configuration a user could > possibly come up with? i would like to know why policy even suggests mailspools have 660 user.mail permissions, postfix being a sane mailer sets permissions to 600 user.mail. making mailspools writable by group mail does nothing but make a gid=mail exploit disasterous where it would ordinarily be rather boring. (especially if you change /var/mail permissions to 3775) -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpmRoZ57NS6D.pgp
Description: PGP signature