
Re: procmail and permissions on hpux 10.01

1996-10-02 12:10:42


On Tue, 1 Oct 1996, Alan K. Stebbens wrote:

We replaced /bin/mail with procmail as the local mailer (Mlocal) because
procmail correctly avoided NFS-locking problems, and it supported
user-configurable mail filtering, without compromising system security.

This is what we (those of us who actually manage the machines) would
like to do but it was shut down by the powers that be. They have a
series of relatively reasonable reasons and fears but it mostly comes
down to if it ain't broke for god's sake don't touch it.

* you can configure the permissions directly, by changing one of the 
  following defines in config.h:

    #define UPDATE_MASK     S_IXOTH    /* bit set on mailboxes when mail arrived */
    #define OVERRIDE_MASK   (S_IXUSR|S_ISUID|S_ISGID|S_ISVTX)    /* if found set */
                      /* the permissions on the mailbox will be left untouched */
    #define INIT_UMASK      (S_IRWXG|S_IRWXO)                          /* == 077 */
    #define GROUPW_UMASK    (INIT_UMASK&~S_IRWXG)                      /* == 007 */

  We did not find it necessary, however.

I figured this out. What I can't figure out is which one applies to
just the permissions of files written into the spool. Spool files have
to be 660, while mailbox files have to be 600. Which specific define
will allow me to control this?

* An alternative to having users use .forward files, is to create a file
  of users who would like to use procmail as their local delivery agent, and
  use this file to initialize a class variable.

This is a good idea but I'm quite sure it wouldn't fly with the above
"ain't broke" rule. Also it would require another level of management
that we don't need or want: we've got ~65,000 accounts involved here.
We want procmail to be a user instigated and controlled feature.

Hope this helps.

Yes it does. Thank you very much for your response.

--
Chris Dent <cdent(_at_)indiana(_dot_)edu> 
http://detritus.ucs.indiana.edu/~cdent/
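
An added example, not part of the original message and not procmail's own code: it shows what the two umask values quoted from config.h do to a file created with a requested mode of 0666, and includes a small helper for auditing a file's mode against a 600 or 660 policy. It does not show where procmail applies each mask; the /tmp scratch path and the function names are assumptions of the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* The two umask defines as quoted from config.h in the message above. */
#define INIT_UMASK   (S_IRWXG|S_IRWXO)       /* == 077 */
#define GROUPW_UMASK (INIT_UMASK&~S_IRWXG)   /* == 007 */

/* Create a scratch file requesting 0666 while `mask` is the process umask.
 * Returns the permission bits actually applied, or -1 on error.
 * The /tmp path is an assumption of this demo; O_EXCL refuses to reuse an
 * existing file or follow a symlink. */
static int mode_created_under(mode_t mask)
{
    static int seq;
    char path[64];
    struct stat st;
    int fd, result = -1;
    mode_t old;

    snprintf(path, sizeof path, "/tmp/umask-demo-%ld-%d", (long)getpid(), seq++);
    old = umask(mask);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(old);                       /* restore before doing anything else */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 07777);
    close(fd);
    unlink(path);
    return result;
}

/* Audit helper: permission bits present in `mode` beyond `allowed`.
 * Zero means the file is no more permissive than the policy. */
static int excess_bits(mode_t mode, mode_t allowed)
{
    return (int)(mode & 07777 & ~allowed);
}

int main(void)
{
    printf("INIT_UMASK   -> %04o\n", (unsigned)mode_created_under(INIT_UMASK));
    printf("GROUPW_UMASK -> %04o\n", (unsigned)mode_created_under(GROUPW_UMASK));
    /* A 0660 file checked against the 0600 mailbox policy leaves 0060 over. */
    printf("excess of 0660 over 0600: %04o\n", (unsigned)excess_bits(0660, 0600));
    return 0;
}
```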
