
Re: Courier Authdeamon problem after upgrade



On Thu, Aug 26, 2021 at 10:21:55AM +0200, Philipp Ewald wrote:
> Thank you for your advice!
> 
> I will add user to mail group and try again.

That is absolutely *not* what I advised.  Ordinary users should not
be in the "mail" or "courier" group.  Those groups are for mail
programs/daemons only.  Putting a user in the mail group will (among
other things) allow that user to delete *other* users' mailboxes
from /var/mail/, if you keep them there.

drwxrwsr-x 2 root mail 4096 Jan 11  2018 /var/mail/

Your original plan (change the permissions on the /run subdirectory)
is better than that, even if it means your system is "vulnerable" to
the information disclosure that the change is trying to prevent.  The
severity of this disclosure depends on what type of users you have on
your system.  If it's just you, then there's nothing to worry about.

If you have multiple real human users on your system and feel that
keeping your password hashes a secret is a high priority, then you
should talk to the maildrop support people and see what *they* suggest.
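
The permission point made in the message above, as an added example that is not part of the original email: it parses the `drwxrwsr-x` mode shown for /var/mail/ and reports which ordinary accounts could unlink files they do not own. The account list, the mail gid of 8 and the `uid_min` threshold of 1000 are constructed assumptions for illustration.

```python
import stat

_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
         stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
         stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
_SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}

def parse_ls_mode(text):
    """Convert an ls-style string such as 'drwxrwsr-x' to mode bits."""
    mode = 0
    for i, ch in enumerate(text[1:10]):
        if ch in "rwx":
            mode |= _BITS[i]
        elif ch in "sStT":
            mode |= _SPECIAL[i]
            if ch in "st":              # lowercase: execute bit is set as well
                mode |= _BITS[i]
    return mode

def can_unlink_others(mode, dir_uid, dir_gid, uid, gids):
    """True if this account may delete files in the directory that it does not own."""
    if uid == 0:
        return True
    if uid == dir_uid:                  # exactly one permission class applies
        w, x = stat.S_IWUSR, stat.S_IXUSR
    elif dir_gid in gids:
        w, x = stat.S_IWGRP, stat.S_IXGRP
    else:
        w, x = stat.S_IWOTH, stat.S_IXOTH
    if not (mode & w and mode & x):
        return False
    # The sticky bit limits deletion to the file owner or the directory owner.
    return not (mode & stat.S_ISVTX) or uid == dir_uid

def flag_human_accounts(ls_mode, dir_uid, dir_gid, accounts, uid_min=1000):
    """Names of ordinary accounts (uid >= uid_min, an assumption) with that ability."""
    mode = parse_ls_mode(ls_mode)
    return [name for name, uid, gids in accounts
            if uid >= uid_min and can_unlink_others(mode, dir_uid, dir_gid, uid, gids)]

# Constructed sample accounts: (name, uid, group ids). gid 8 stands in for "mail".
ACCOUNTS = [("courier", 105, {8}), ("alice", 1000, {1000}), ("bob", 1001, {1001, 8})]

if __name__ == "__main__":
    print(flag_human_accounts("drwxrwsr-x", 0, 8, ACCOUNTS))
```
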

