Bug#470994: mail_spool default mode is 0660
Josip Rodin <joy@debbugs.entuzijast.net> writes:
> Okay, given that I see no rationale for the sentence "Mailboxes must be
> writable by group mail.", I'm reassigning this to debian-policy.
Here is a proposed change to loosen this requirement. Please comment.
One concern that I have with allowing either permission scheme is that if
an MUA needs to recreate the spool file, how should it know what
permissions to use?
diff --git a/policy.sgml b/policy.sgml
index 24c9072..f794ed5 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -8046,12 +8046,24 @@ http://localhost/doc/<var>package</var>/<var>filename</var>
</p>
<p>
- Mailboxes are generally mode 660
- <tt><var>user</var>:mail</tt> unless the system
- administrator has chosen otherwise. A MUA may remove a
- mailbox (unless it has nonstandard permissions) in which
- case the MTA or another MUA must recreate it if needed.
- Mailboxes must be writable by group mail.
+ Mailboxes are generally either owned by <var>user</var> and mode
+ 600 or owned by <tt><var>user</var>:mail</tt> and mode 660
+ unless the system administrator has chosen otherwise<footnote>
+ There are two traditional permission schemes for mail spools:
+ mode 600 with all mail delivery done by processes running as
+ the destination user, or mode 660 and owned by group mail with
+ mail delivery done by a process running as a system user in
+ group mail. Historically, Debian required mode 660 mail
+ spools to enable the latter model, but that model has become
+ increasingly uncommon and principal of least privilege
+ indicates that mail systems that use the first model should
+ use permissions of 600. If delivery to programs is permitted,
+ it's easier to keep the mail system secure if the delivery
+ agent runs as the destination user. Debian Policy therefore
+ permits either scheme.
+ </footnote>. A MUA may remove a mailbox (unless it has
+ nonstandard permissions) in which case the MTA or another MUA
+ must recreate it if needed.
</p>
<p>
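Review bot: The closing sentence of the new paragraph ("A MUA may remove a mailbox ... must recreate it if needed") no longer tells the recreating MTA or MUA which ownership and mode to use now that both 600 and 660 <user>:mail are permitted, and the removed line "Mailboxes must be writable by group mail." was the only text that implied one. "Nonstandard permissions" is also ambiguous once there are two standard schemes. Consider stating that a recreated mailbox must get the same owner, group and mode as the one that was removed, or that a MUA must not remove a mailbox it cannot recreate under the scheme it found. Separately, in the footnote "principal of least privilege" should read "the principle of least privilege".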
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>