On Sat, Jul 02, 2005 at 01:01:51AM +0200, Oliver Fuchs wrote:
>
> Problem:
> using procmail as local mailer sets the wrong permissions in /var/mail.
>
>
> Question:
> So my issue is that using procmail as local mailer sets the wrong
> permissions.
> Is this now less important and known or is it a security
> risk?
> And is the only way to avoid setting these permissions to change them in
> /var/mail by hand?
>
hi. i'm not sure about `wrong', but procmail does appear to create
mailboxes 660, with the group id of /var/mail (`wheel').

/etc/security complains if a mailbox is not 600. i don't know if it
checks the group id or not, but normal is to use the user's default group,
i think.

i don't know about security risk, but you can:
* alter the relevant file in /etc/mtree to not complain about perms
* alter perms in /var/mail/(mailbox) by hand
* alter procmail source
* alter sendmail config (the local mailer define, i mean)
* put up with it
* something else i haven't thought of

it is a bit of a pain, i agree. i spent a morning looking at this, and
didn't come up with much. this issue came up as a netbsd pr (#18788)
a few years ago, and they eventually closed it as "3rd party software
issue, please complain to procmail maintainer". you could try that
too.

http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=18788

if anyone else has a more elegant solution, i'd love to know it. there
are other issues with running non-base stuff like this (perms to use and
so on), so i guess the winning solution is to run what is in base, since
it all works nicely together.

jmc
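
The "alter perms by hand" option from the message above, as an added example that is not part of the original thread: a small POSIX sh audit that lists mailboxes whose mode is not 600 and a helper that tightens them. The function names `audit_spool` and `tighten_spool` are hypothetical, and the 600 expectation is taken from the message's description of /etc/security.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; the 0600 expectation is the one /etc/security is said to apply.

# Print every regular file under the spool whose mode is not exactly 0600,
# with its symbolic mode and numeric owner/group, e.g. a 660 mailbox
# that procmail created with the group of /var/mail.
audit_spool() {
    spool=${1:-/var/mail}
    find "$spool" -type f ! -perm 600 | while IFS= read -r mbox; do
        # ls -ln prints: mode links uid gid size ...; the fields we need
        # come before the file name, so odd names cannot confuse the parse.
        ls -ln "$mbox" | {
            read -r mode links uid gid rest
            # Keep the 10 mode characters; drop any ACL/SELinux suffix.
            printf '%s mode=%.10s uid=%s gid=%s\n' "$mbox" "$mode" "$uid" "$gid"
        }
    done
}

# The "alter perms by hand" option: set each offending mailbox to 0600.
# Ownership is left alone; run as root on a real spool.
tighten_spool() {
    spool=${1:-/var/mail}
    find "$spool" -type f ! -perm 600 -exec chmod 600 {} +
}

# Stand-alone use: sh audit.sh /var/mail
if [ $# -gt 0 ]; then
    audit_spool "$1"
fi
```

Running the audit first shows which mailboxes carry group bits and which gid they were created with, so the group question raised above can be checked before any mode is changed.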