On 2010-05-15 Andreas Hemel <[email protected]> wrote:
> Package: exim4
> Version: 4.71-4
> Severity: normal

> According to bug #581434 the default umask on new installations will
> change from 022 to 002. Debian uses user private groups, meaning every
> user is in his own private group, that nobody else is a member of.

Hello,
This is not entirely correct. Debian uses user private groups *by*
*default* but can also be set differently. Just take a look at the
.debian.org machines, they do not use UPGs (except for alioth):

ametz...@merkel:~$ getent passwd ametzler
ametzler:x:2571:800:Andreas Metzler,,,,:/home/ametzler:/bin/bash
ametz...@merkel:~$ getent group 800
Debian:x:800:cvs_boot
ametz...@merkel:~$ groups
Debian

> This change makes it easier to set up additional collaboration groups
> without the need to bug all partaking users to change their umask.
> For further details see #581434 and the discussion on debian-devel
> [1].

> Exim checks the permission bits on user .forward files and refuses to
> deliver any mail if the .forward file is group writable. It does not
> check if the user is the only member in the group associated with the
> .forward file. In that case setting the group writable bit is safe. The
> change of the default umask causes all .forward files created on new
> installs to have the group writable bit set by default.

> If Exim refuses to deliver mail because of this, the user is not (and
> probably can not be) notified and the only way to find out why mail is
> not delivered is looking at the log files, to which a regular user does
> not have access.

> I've reproduced this problem with both 4.71-4 from unstable and
> 4.71-2~bpo50+1 from lenny-backports. With the latter version I even
> completely lost some system mail. I realize that bounces could not be
> delivered because both the receiver and sender were essentially the
> same user (with the 'broken' .forward permissions), but I do not
> understand why these mails were dropped instead of being frozen.

I could set modemask = 002 on the userforward router and make it
overridable by macro.
Since we already set check_local_user the modemask setting switches on
check_group. Exim will require that the .forward file is owned by the
user's primary group. (This could introduce breakage on upgrades: if
.forward is 0600 but owned by a different group, delivery will break.)

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
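
The checks discussed in this thread, as an added example that is not part of the original message and is not Exim's code: a simplified Python model of the mode, owner and group tests on a .forward file, plus a separate test of whether anyone other than the owner can actually rewrite it. The function names `check_forward` and `inspect` are hypothetical, and 022 is assumed as the router's default modemask.

```python
import grp
import os
import pwd
import stat


def check_forward(mode, file_uid, file_gid, uid, primary_gid,
                  other_group_users, modemask=0o022):
    """Return (accepted, safe, reasons) for one .forward file.

    other_group_users: accounts other than the owner that belong to
    file_gid (listed members plus users with it as primary group).
    """
    reasons = []
    if file_uid != uid:                  # owner test implied by check_local_user
        reasons.append("not owned by the local user")
    if mode & modemask:                  # any forbidden bit set -> refused
        reasons.append("forbidden mode bits %04o" % (mode & modemask))
    # check_group switches on once modemask permits the group write bit
    check_group = not (modemask & 0o020)
    if check_group and file_gid != primary_gid:
        reasons.append("group is not the user's primary group")
    accepted = not reasons
    # Independent of the router's verdict: can another account rewrite it?
    writable_by_others = bool(mode & 0o002) or (
        bool(mode & 0o020) and bool(other_group_users))
    if writable_by_others:
        reasons.append("writable by other accounts")
    return accepted, not writable_by_others, reasons


def inspect(path, username, modemask=0o022):
    """Gather the inputs for check_forward() from the live system."""
    pw = pwd.getpwnam(username)
    st = os.stat(path)
    try:
        members = set(grp.getgrgid(st.st_gid).gr_mem)
    except KeyError:                     # gid without a group entry
        members = set()
    members |= {p.pw_name for p in pwd.getpwall() if p.pw_gid == st.st_gid}
    members.discard(username)
    return check_forward(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                         pw.pw_uid, pw.pw_gid, members, modemask)
```

With modemask 002 a 0664 file in a shared primary group such as gid 800 above passes the router's checks while still being writable by the other group members, which is why the audit result is reported separately from the acceptance result.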

