Bug#470994: mail_spool default mode is 0660
On Sat, Jul 05, 2008 at 04:26:25PM -0700, Russ Allbery wrote:
> > Okay, given that I see no rationale for the sentence "Mailboxes must be
> > writable by group mail.", I'm reassigning this to debian-policy.
>
> Here is a proposed change to loosen this requirement. Please comment.
> One concern that I have with allowing either permission scheme is that if
> an MUA needs to recreate the spool file, how should it know what
> permissions to use?
I guess we should grep the sources of a few MUAs (and MDAs) to see what they
do. In the meantime, the new phrasing is still much better than the current
text :)
> - Mailboxes are generally mode 660
> - <tt><var>user</var>:mail</tt> unless the system
> - administrator has chosen otherwise. A MUA may remove a
> - mailbox (unless it has nonstandard permissions) in which
> - case the MTA or another MUA must recreate it if needed.
> - Mailboxes must be writable by group mail.
> + Mailboxes are generally either owned by <var>user</var> and mode
> + 600 or owned by <tt><var>user</var>:mail</tt> and mode 660
> + unless the system administrator has chosen otherwise
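Review bot: The added lines allow two schemes (owned by user with mode 600, or user:mail with mode 660), but the removed lines carried the only statement about recreation ("the MTA or another MUA must recreate it if needed"), which assumed a single 660 user:mail layout. If that recreation clause is kept in the new wording, it should say which ownership and mode a recreating program is expected to apply, for example that it follows the scheme already in use on the system, so that a mailbox is not recreated with the wider of the two modes by default.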
I guess that the point of that run-on sentence is the understanding that
packages should not go out of their way to prevent such sysadmin changes,
so it would make sense to add a full stop after the two options and write
a proper new sentence about that.
> + <footnote>
> + There are two traditional permission schemes for mail spools:
> + mode 600 with all mail delivery done by processes running as
> + the destination user, or mode 660 and owned by group mail with
> + mail delivery done by a process running as a system user in
> + group mail. Historically, Debian required mode 660 mail
> + spools to enable the latter model, but that model has become
> + increasingly uncommon and principal of least privilege
Just a spelling fix - s/principal/the principle/
--
2. That which causes joy or happiness.
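An added example, not part of the original message or of Debian policy: a Python check that reports which of the two permission schemes from the proposed text each mailbox in a spool directory follows. The `/var/mail` default, the scheme labels and the rule that a mailbox file is named after its user are assumptions of this example.

```python
import grp
import os
import pwd
import stat


def classify(mode, owner, group, user):
    """Map one mailbox's lstat mode and owner/group names to a scheme label."""
    if not stat.S_ISREG(mode):
        return "not-regular-file"      # symlink, directory, fifo, ...
    if owner != user:
        return "wrong-owner"
    perms = stat.S_IMODE(mode)
    if perms == 0o600:
        return "user-600"              # delivery runs as the destination user
    if perms == 0o660 and group == "mail":
        return "user:mail-660"         # delivery by a process in group mail
    if perms & 0o007:
        return "world-accessible"
    return "nonstandard"               # e.g. a mode chosen by the sysadmin


def _name(lookup, ident, field):
    """Resolve a uid/gid to a name, falling back to the number as text."""
    try:
        return getattr(lookup(ident), field)
    except KeyError:
        return str(ident)


def audit_spool(spool_dir="/var/mail"):
    """Return {mailbox_name: scheme} for every entry in spool_dir."""
    report = {}
    for entry in sorted(os.listdir(spool_dir)):
        st = os.lstat(os.path.join(spool_dir, entry))  # do not follow symlinks
        owner = _name(pwd.getpwuid, st.st_uid, "pw_name")
        group = _name(grp.getgrgid, st.st_gid, "gr_name")
        # Assumption: the mailbox file is named after its user.
        report[entry] = classify(st.st_mode, owner, group, entry)
    return report


if __name__ == "__main__":
    if os.path.isdir("/var/mail"):
        for name, scheme in audit_spool().items():
            print(f"{name}: {scheme}")
```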