Bug#470994: mail_spool default mode is 0660
- To: Russ Allbery <rra@debian.org>, 470994@bugs.debian.org
- Subject: Bug#470994: mail_spool default mode is 0660
- From: Andrew McMillan <awm@debian.org>
- Date: Mon, 02 Feb 2009 12:37:06 +1100
- Message-id: <1233538626.8723.122.camel@happy.mcmillan.net.nz>
- Reply-to: Andrew McMillan <awm@debian.org>, 470994@bugs.debian.org
- In-reply-to: <87fxj7j6ls.fsf@windlord.stanford.edu> (sfid-20090126_124821_796969_341386CE)
- References: <20080315002725.GA24253@keid.carnet.hr> <20080315075713.GA24871@torres.zugschlus.de> <20080315125826.GA26018@keid.carnet.hr> <87mykvvroe.fsf@windlord.stanford.edu> <20080706111410.GA786@orion.carnet.hr> <87fxqmbzy3.fsf@windlord.stanford.edu> <87fxj7j6ls.fsf@windlord.stanford.edu> (sfid-20090126_124821_796969_341386CE)
On Sun, 2009-01-25 at 15:42 -0800, Russ Allbery wrote:
>
> This is a ping for this proposed change for additional seconds or
> objections. It would relax the requirement in Policy that mail spool
> files be mode 0660 and permit them to be mode 0600 if the MDA system used
> does deliveries as the user.
>
> > --- a/policy.sgml
> > +++ b/policy.sgml
> > @@ -8062,12 +8062,27 @@ http://localhost/doc/<var>package</var>/<var>filename</var>
> > </p>
> >
> > <p>
> > - Mailboxes are generally mode 660
> > - <tt><var>user</var>:mail</tt> unless the system
> > - administrator has chosen otherwise. A MUA may remove a
> > - mailbox (unless it has nonstandard permissions) in which
> > - case the MTA or another MUA must recreate it if needed.
> > - Mailboxes must be writable by group mail.
> > + Mailboxes are generally either mode 600 and owned by
> > + <var>user</var> or mode 660 and owned by
> > + <tt><var>user</var>:mail</tt><footnote>
> > + There are two traditional permission schemes for mail spools:
> > + mode 600 with all mail delivery done by processes running as
> > + the destination user, or mode 660 and owned by group mail with
> > + mail delivery done by a process running as a system user in
> > + group mail. Historically, Debian required mode 660 mail
> > + spools to enable the latter model, but that model has become
> > + increasingly uncommon and the principle of least privilege
> > + indicates that mail systems that use the first model should
> > + use permissions of 600. If delivery to programs is permitted,
> > + it's easier to keep the mail system secure if the delivery
> > + agent runs as the destination user. Debian Policy therefore
> > + permits either scheme.
> > + </footnote>. The local system administrator may choose a
> > + different permission scheme; packages should not make
> > + assumptions about the permission and ownership of mailboxes
> > + unless required (such as when creating a new mailbox). A MUA
> > + may remove a mailbox (unless it has nonstandard permissions) in
> > + which case the MTA or another MUA must recreate it if needed.
> > </p>
> >
> > <p>
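Review bot: when a package is "required" to create a new mailbox, the new text gives no rule for which of the two permission schemes it should use, and the old sentence "Mailboxes must be writable by group mail." that settled this is removed without replacement. An MTA or MUA that recreates a removed mailbox (the "must recreate it if needed" sentence) could therefore create a mode 600 spool on a system whose delivery agent runs as a system user in group mail, which would then be unable to write to it. Suggest adding, after "unless required (such as when creating a new mailbox)", a sentence stating that the creating package should follow the scheme the installed delivery agent relies on: mode 600 owned by <var>user</var> when delivery runs as the destination user, or mode 660 owned by <tt><var>user</var>:mail</tt> when delivery runs as a system user in group mail, as described in the footnote.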
I've read through the report in full and I'm happy to second this also.
Regards,
Andrew McMillan.