Tony Finch wrote: > On Tue, 4 Jul 2006, W B Hacker wrote: > >>Tony Finch wrote: >> >>>Not if you require that your users make the files globally readable. >> >>Is that easily done? And might we be creating a needless >>security hole? > > > Yes, it's easy, and it might be a privacy concern but it's unlikely to be > a security problem. > > >>STM that 'group' privs that Exim should have would be enough.. > > > Many systems don't allow you to give away ownership of files. > > Tony.
Exim being a member of the same 'group', and the files being group-readable should take care of that. Even LCD WinWoes has such capability. Setting 'world readable' on forwarding/alias preferences in itself should be harmless - after all, any incoming message from any correspondent is expected to use the information, so it is effectively 'public' in use even if not directly visible. BUT - on Unix, if these pref files reside inside the structure of the user's mailstore, be that a virtual-user Maildir or somewhere in ~/home or ~/var, they have to have different settings than the mask for the messages and their structure - which we DON'T want to be 'world readable' at all. Managing that difference properly (or not) is where the risk lies, IMHO. Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
