Bug#470994: mail_spool default mode is 0660

On Tue, Mar 18, 2008 at 09:50:09AM -0700, Russ Allbery wrote:
> Josip Rodin <joy@debbugs.entuzijast.net> writes:
> > On Mon, Mar 17, 2008 at 09:56:52PM -0700, Russ Allbery wrote:
> >> I don't know what the original Debian rationale was, but the
> >> traditional UNIX rationale for group-writable user mail spools is so
> >> that you don't have to run your mail system as root and can instead run
> >> it as some other user in group mail.
> >> However, everyone seems to have given up on that or at least uses a
> >> setuid-root MDA, so I'm not sure it's serving any real purpose at this
> >> point.
> > Or they don't use root at all for the MDA, instead setuid'ing to the
> > user itself. See also #405584.
> In order to deliver mail as the user, *something* has to be either running
> as root or setuid.  That's basically my point.

That's why I said no root for MDA - it's there for the MTA :)

> Group-writable mail spools allow the entire mail delivery chain to never
> run as root (with the possible exception of binding to port 25 if you want
> to accept incoming SMTP traffic), as long as you don't care about
> forwarding to programs.
> I don't know if we care about supporting this, though.

Right. I don't think I've ever actually seen such an implementation.
So it doesn't seem to make sense to enforce this by way of a "must"
directive in the policy manual, and at the expense of user privacy
in case of security problems.

     2. That which causes joy or happiness.
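
Added example, not part of the original message or of any Debian tool: a small audit that lists which mailbox files in a spool directory carry the group bits discussed in this thread (mode 0660 versus owner-only 0600). The function names and the constructed sample spool are assumptions for illustration; on a real system the directory would typically be the mail spool such as /var/mail.

```python
import os
import stat
import tempfile


def audit_spool(spool_dir):
    """Return (name, octal mode, findings) for each regular file in spool_dir."""
    report = []
    for entry in sorted(os.scandir(spool_dir), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue  # only plain mailbox files are of interest here
        mode = stat.S_IMODE(st.st_mode)
        findings = []
        if mode & stat.S_IRGRP:
            # Any process running in the file's group can read this mailbox.
            findings.append("group-readable")
        if mode & stat.S_IWGRP:
            # Needed only if delivery runs as a non-root member of the group.
            findings.append("group-writable")
        if mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append("world-accessible")
        report.append((entry.name, format(mode, "04o"), findings))
    return report


def build_sample_spool():
    """Create a constructed spool with one 0660 and one 0600 mailbox."""
    spool = tempfile.mkdtemp(prefix="spool-")
    for name, mode in (("alice", 0o660), ("bob", 0o600)):
        path = os.path.join(spool, name)
        with open(path, "w") as fh:
            fh.write("constructed sample mailbox content\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return spool


if __name__ == "__main__":
    for name, mode, findings in audit_spool(build_sample_spool()):
        print(name, mode, ", ".join(findings) or "owner-only")
```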
