Re: #24510: procmail: procmail creates mailboxes with mode 660
On Tue, Jul 14, 1998 at 03:32:51PM +1000, Craig Small wrote:
> I believe this is done so that the mail agents, running as setgid mail are
> able to append mail messages to your mailbox. They generally don't run as
> root. At least in my inetd.conf:
>
> smtp stream tcp nowait mail /usr/sbin/exim exim -bs
The exim binary is suid root (it drops those priveliges pretty quickly, but
re-executes itself to get back root when needed). To do deliveries it runs
as foo.mail so the mailboxes do not need to be group read or writable. As
someone else has said, setgid mail isn't enough when the mailbox doesn't
already exist anyway.
Indeed, I use 0600 personally, and have not had any problems.
To do locking properly, all MUAs need to be setgid mail; having them able to
access anyone's mail is obviously not what is wanted. There are ways round
this, of course, but they rely on the MUA not having any bugs that can be
exploited.
I still don't understand the reason for the 0660.
--
To UNSUBSCRIBE, email to debian-policy-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: