I guess I don't understand completely...see below...

> > Here are the permissions on my mail dir.....
> >
> > drwxrwxrwt 4 root mail 151552 Feb 19 09:23 /var/mail
>
> Your directory (/var/mail) permissions are OK since this allows
> individual users to modify their own spools. Some will argue
> (discuss?) that these permissions allow a type of DOS (A rogue user
> COULD fill the spool and thus deny all other users mail) ...

What other permission options would there be?

> > I'm not exactly sure how this happens, but I end up with the mail files
> > having either one set of permissions or another. Both work fine, so
> > there's no really adverse effects, but my security script complains each
> > day. Anyhow, here is an example of each of the types...
> >
> > -rw-rw---- 1 user1 mail 11849 Feb 19 05:51 user1
> > -rw------- 1 user2 user 0 Feb 18 18:12 user2
>
> The default spool (individual user spool) permissions are 600. (The
> actual DEFAULT permissions are set in sendmail.cf thusly:
>
> # temporary file mode
> O TempFileMode=0600
> )

What IS this temp file? Are they referring to the mail file or the /var/spool/mqueue/UGLYFILENAME file?

> > I THINK that the local mailer may be responsible for the first type when
> > we add a new user and they don't have a mail file yet. When they receive
> > their first piece of mail, the file is created.
>
> Correct.

Any idea why the local mailer (/usr/libexec/mail.local) would be giving group permissions to the mail file? They aren't really needed, are they?
