Re: Email permissions - was Email embarrasment

[Rob Mahurin <robm@mad.scientist.com>]

On Sat, Apr 14, 2001 at 11:55:52AM +0200, Johann Spies wrote:
> Then I sent three test messages: one using xfmail (which is working
> again), one using netscape and one using the mail-command from the
> console.
> 
> As user hs I did a mailq with the following result: ...
> As root I did a mailq: ...
> 
> The netscape message was missing from hs' mailq.  Why?

This is almost normal, I think:

09:57 $ sudo mail -s test nobody@utk.edu < /dev/null 
Null message body; hope that's ok
09:58 $ mail -s test nobody@utk.edu < /dev/null 
Null message body; hope that's ok
09:58 $ mailq
 0m   315 14oQZL-0002Pi-00 <robm@mad.scientist.com>
          nobody@utk.edu

09:58 $ sudo mailq
 0m   289 14oQZJ-0002PV-00 <root@peon>
          nobody@utk.edu

 0m   315 14oQZL-0002Pi-00 <robm@mad.scientist.com>
          nobody@utk.edu

As root:

[/var/spool/exim/input]
10:03 # ls
total 4
-rw-------    1 mail     mail           19 Apr 14 09:58 14oQZJ-0002PV-00-D
-rw-------    1 mail     mail          472 Apr 14 09:58 14oQZJ-0002PV-00-H
-rw-------    1 mail     mail           19 Apr 14 09:58 14oQZL-0002Pi-00-D
-rw-------    1 mail     mail          580 Apr 14 09:58 14oQZL-0002Pi-00-H
[/var/spool/exim/input]
10:03 # grep root *
14oQZJ-0002PV-00-H:root 0 0
[more lines about root in root's message header]
[/var/spool/exim/input]
10:03 # grep alphenglor *
14oQZL-0002Pi-00-H:alphenglor 1000 1000
[more lines about alphenglor in alphenglor's message header]

>From the exim man page:

       If  Exim  is called under the name mailq, it behaves as if
       the option -bp were present before any other options. This
...
       -bp    List  the contents of the mail queue on the current
              output. If the -bp option is followed by a list  of
              message  ids,  then just those messages are listed.
              By default, this option lists only  those  messages
              submitted  by the calling user unless the caller is
              an admin user. The queue_list_requires_admin option
              can  be  set  false  to  allow  any user to see the
              entire queue.

So my guess from what you've said is that netscape is either being run
as root or is using some setuid program somewhere to feed its mail
into exim's queue (I seem to remember netscape having it's own program
called "movemail"?)

> I remember that either netscape or xfmail asked me to change the
> permissions on /var/mail to 01777.
> 
> That is not what it is on my system.  Can that be the cause of this
> all?

I have 

10:11 # ls -d /var/mail
drwxrwsr-x    2 root     mail         1024 Apr 14 09:57 /var/mail

which is 02775 and looks right to me.  If a Debian package asked you
to change the permissions on /var/mail, you should probably report
that as a bug against the package.

It seems that your messages are getting onto your queue.  Are they
still not getting delivered?  Try running exim -q -d as root and see
what it tells you.

Rob

-- 
No wonder you're tired!  You understood so much today.