On Mon, Nov 30, 2009 at 4:29 PM, Philip Guenther <[email protected]> wrote:
> On Mon, 30 Nov 2009, Antoine Jacoutot wrote:
>> Any procmail users around?
>> I just use procmail in a minimal way, but I'm annoyed by the fact that
>> it creates mailbox group writable under /var/mail/. I don't see a reason
>> for it and it also makes the security script complain about the perms.
>>
>> Does anyone know of a reason why procmail would use a umask of 007?
>> If not, could we consider the following:
>
> "Insufficient details"
>
> How are you invoking procmail? Via FEATURE(`local_procmail') or via a
> .forward file? Are the users involved just members of group wheel (the
> group of /var/mail), or is group wheel their primary group?
>
> procmail's algorithm for deciding how to handle the user's mail spool is,
> well, too elaborate, in an attempt to use the same logic for all sorts of
> systems. Part of the logic is that if the spool dir is not world writable
> and the gid that procmail is running as is the same as the group of the
> spool dir, then it figures new mailboxes should be owned by that group and
> group writable.
>
> (So that's another possible workaround: change the group of the spool to
> something that no one is a member of.)

I believe that would cause security to complain about group ownership of the spool directory, which is the original reason OP started this thread.

--patrick
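One way to check a spool for the outcome discussed in this thread (group-writable mailboxes in a spool directory that is not world writable), added here as an example that is not part of any poster's message, of procmail, or of the security script. The function names and the sample mailboxes `alice` and `bob` are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_spool(spool):
    """Return (spool_info, findings) for a mail spool directory."""
    d = os.stat(spool)
    info = {
        "world_writable": bool(d.st_mode & stat.S_IWOTH),
        "gid": d.st_gid,
    }
    findings = []
    for name in sorted(os.listdir(spool)):
        st = os.lstat(os.path.join(spool, name))
        if not stat.S_ISREG(st.st_mode):
            continue  # skip lock directories, symlinks, etc.
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append({
                "mailbox": name,
                "mode": oct(mode),
                # Group writable and owned by the spool's group: the
                # pattern the thread attributes to procmail's logic.
                "matches_spool_group": bool(mode & stat.S_IWGRP)
                and st.st_gid == d.st_gid,
            })
    return info, findings


def demo():
    """Build a constructed spool in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as spool:
        os.chmod(spool, 0o775)  # group writable, not world writable
        for name, mode in (("alice", 0o660), ("bob", 0o600)):
            path = os.path.join(spool, name)
            with open(path, "w"):
                pass
            os.chmod(path, mode)  # set explicitly, independent of umask
        return audit_spool(spool)


if __name__ == "__main__":
    info, findings = demo()
    print("spool world writable:", info["world_writable"])
    for f in findings:
        print(f["mailbox"], f["mode"], "spool-group pattern:", f["matches_spool_group"])
```

To audit a real spool, call `audit_spool("/var/mail")` as a user who can read the directory.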
