> Date: Wed, 19 Feb 2003 09:33:09 -0800 (PST)
> From: Rick Kunkel <[EMAIL PROTECTED]>
>
> Heya all,
>
> I've had a slightly confusing prob that hasn't had a negative effect on
> anything, so I've never really taken care of it, but I figured it was time
> to ask...
>
> Here are the permissions on my mail dir.....
>
> drwxrwxrwt 4 root mail 151552 Feb 19 09:23 /var/mail

Your directory (/var/mail) permissions are OK since this allows
individual users to modify their own spools. Some will argue
(discuss?) that these permissions allow a type of DOS (A rogue user
COULD fill the spool and thus deny all other users mail) ...

> I'm not exactly sure how this happens, but I end up with the mail files
> having either one set of permissions or another. Both work fine, so
> there's no really adverse effects, but my security script complains each
> day. Anyhow, here is an example of each of the types...
>
> -rw-rw---- 1 user1 mail 11849 Feb 19 05:51 user1
> -rw------- 1 user2 user 0 Feb 18 18:12 user2

The default spool (individual user spool) permissions are 600. (The
actual DEFAULT permissions are set in sendmail.cf thusly:

    # temporary file mode
    O TempFileMode=0600

)

If 'something' sets ANY OTHER permissions, those permissions are
preserved even when the spool is 'empty'. (The file is not deleted and
you have an empty file.)

> I THINK that the local mailer may be responsible for the first type when
> we add a new user and they don't have a mail file yet. When they receive
> their first piece of mail, the file is created.

Correct.

Hope this helps.

regards,
Gregory Hicks

> By the way, the local mailer runs as root, sendmail runs as root, and I
> believe that qpopper runs as the user. We're running qpopper in
> stand-alone and server mode.
>
> To tell you the truth, I'm not completely sure, and I haven't taken the
> time to experiment, which means I probably shouldn't even have written
> this email yet, but I thought that if it was something horribly obvious or
> well known, someone could throw a suggestion my way...
>
> Thanks!
>
> Rick Kunkel
>

-------------------------------------------------------------------
Gregory Hicks                 | Principal Systems Engineer
Cadence Design Systems        | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1   | Fax:      408.894.3400
San Jose, CA 95134            | Internet: [EMAIL PROTECTED]

"The trouble with doing anything right the first time is that nobody
appreciates how difficult it was."

When a team of dedicated individuals makes a commitment to act as
one... the sky's the limit.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
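
Added example, not part of the original message and not sendmail's own code: a Python check of the kind a daily security script could run over the spool directory, reporting files whose mode differs from the 0600 default quoted above. The function names, the rule that a spool file is named after its owner, and the rule that a world-writable spool directory must carry the sticky bit (as /var/mail does in the listing) are assumptions of this example.

```python
import os
import pwd
import stat

EXPECTED_SPOOL_MODE = 0o600  # default named in the reply (TempFileMode=0600)


def owner_name(uid):
    """Resolve a uid to a login name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_spool_dir(path):
    """Return (dir_issues, {spool_name: [issues]}) for a mail spool directory."""
    dir_issues = []
    dmode = stat.S_IMODE(os.lstat(path).st_mode)
    # Assumption: world-writable is acceptable only together with the sticky bit.
    if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
        dir_issues.append("world-writable without sticky bit (mode %04o)" % dmode)

    findings = {}
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISDIR(st.st_mode):
            continue  # subdirectories are not spools
        issues = []
        if not stat.S_ISREG(st.st_mode):
            issues.append("not a regular file")
        else:
            mode = stat.S_IMODE(st.st_mode)
            if mode != EXPECTED_SPOOL_MODE:
                # A non-default mode is preserved, so empty spools show it too.
                issues.append("mode %04o, expected %04o" % (mode, EXPECTED_SPOOL_MODE))
            # Assumption: each spool file is named after the user who owns it.
            if owner_name(st.st_uid) != entry.name:
                issues.append("owned by %s" % owner_name(st.st_uid))
        if issues:
            findings[entry.name] = issues
    return dir_issues, findings


if __name__ == "__main__":
    import sys
    d_issues, f_issues = audit_spool_dir(sys.argv[1] if len(sys.argv) > 1 else "/var/mail")
    for msg in d_issues:
        print("DIR:", msg)
    for name, msgs in f_issues.items():
        print("%s: %s" % (name, "; ".join(msgs)))
```

Against the listing in the message, user1 (-rw-rw----) would be reported for its mode and user2 (-rw-------) would not.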
