On Tue, Jan 06, 2004 at 09:59:31PM -0500, Ed Budd wrote:
> I've been working my way through the sendmail "bat" book (not
> *ALWAYS* the most exciting read but informative nonetheless) and
> have come across a recommendation to ensure that /var/spool/mqueue is
> set as root-owned with mode of 0700.
>
> However, it appears that by default the permissions on 5.1R are thus (at
> least on my two boxes):
>
> root:daemon
> drwxr-xr-x
>
> My question is: why are these permissions set this way or, perhaps more
> to the point, what (if anything) am I likely to break if I change them
> to the recommendations in the book?
It's the same in all recent version of FreeBSD. Having
/var/spool/mqueue as mode 755 means that anyone can use the 'mailq'
command to see how many messages are queued up. Of course, the queue
files themselves are generated mode 600 so you need to be root in
order to get any more information out of them, like who the message is
to and why it is sitting in the queue. Other commands like 'hoststat'
will be similarly affected.
Changing the /var/spool/mqueue directory permissions to 700 shouldn't
have any bad consequences for sendmail(8) itself though. The same is
not true of /var/spool/clientmqueue, which has to be at least mode 770
and owned by smmsp:smmsp
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
pgp0.pgp
Description: PGP signature