On Dec 31, 14:56, Stephen C. Hill wrote:
Subject: Re: question...
On Tue, 31 Dec 1996, Sarah Worley wrote:
I don't know how to subscribe to the list, so I'm just sending mail
in hopes that it will get there successfully. I have been attempting
to install procmail on my system (Indy running Irix 6.2), I use the
emacs mail reader VM. Whenever procmail runs, it changes the
permissions on the mail spool to u+rw only. I need them to stay as
u+rw and g+rw. Unfortunately, I can't find the location in the
configs or the source for procmail to fix this. Can anyone tell me
where I should look to find them?
I'm a newbie WRT procmail, as well, but I'm guessing that this can be
laid at the feet of the umask that procmail is running under. I'm
sure that someone will correct me if I'm wrong.
See the attached message from Philip Guenther, and also note this
blurb from the MISCELLANEOUS sections of procmail(1) man page:
     If /var/mail/$LOGNAME already is a valid mailbox, but has
     got too loose permissions on it, procmail will correct this.
     To prevent procmail from doing this make sure the u+x bit is
     set.
Enjoy,
-sjk
--
Scott J. Kramer 811-X W. California Avenue
UNIX Software Consultant Sunnyvale, CA 94086, USA
<sjk(_at_)lux(_dot_)com> +1.408.736.9242
--- Begin Message ---
Chris Dent <cdent(_at_)detritus(_dot_)ucs(_dot_)indiana(_dot_)edu> writes:
procmail when writing to a user's spool file in a spool that is 1777
wants to write the file 600.
when the directory is 775 or something similar to that it is willing
to write it 660.
Due to some prior constraints we need to maintain the mail spool
directories on the machines in question as 1777.
...
But I'm afraid I can't figure out what to change. The source seems to
indicate that the screenmailbox function in misc.c controls what is
going on but from what I can tell it doesn't give much choice, i.e. it
throws away group write if the directory is world writable no matter
what.
Not quite. To very selectively quote the source:
...
   if(!stat(buf,&stbuf))
    { unsigned wwsdir;
      if(accspooldir=(wwsdir=              /* world writable spool dir? */
           (stbuf.st_mode&(S_IWGRP|S_IXGRP|S_IWOTH|S_IXOTH))==
           (S_IWGRP|S_IXGRP|S_IWOTH|S_IXOTH))
          <<1|                             /* note it in bit 1 */
         uid==stbuf.st_uid)    /* we own the spool dir, note it in bit 0 */
#ifdef TOGGLE_SGID_OK
         ;
#endif
         rcst_nosgid();                /* we don't *need* setgid privs */
At this point uid contains the effective user that procmail is running
under, and buf contains the path of the mailspool (e.g., /var/mail).
Since your spool directory has at least perms 777, wwsdir will be
set to at least 2.
      if(uid!=stbuf.st_uid&&           /* we don't own the spool directory */
         (stbuf.st_mode&S_ISGID||!wwsdir))    /* it's not world writable */
       { if(stbuf.st_gid==egid)            /* but we have setgid privs */
            doumask(GROUPW_UMASK);           /* make it group-writable */
         goto keepgid;
       }
Now since you want the "doumask(GROUPW_UMASK)" to execute, 3 conditions will
have to be met:
1) procmail's effective uid must _not_ match that of the spool directory
2) the setgid bit (S_ISGID) must be set on the spool directory
3) procmail's effective gid must match that of the spool directory
Meeting the second of those conditions is rather straightforward:
     chmod g+s /the/spool/directory
The last condition means that procmail should be setgid mail and
the spool directory should be group mail (if it isn't already).
Now the first condition is sorta tough. procmail either needs to *not*
be setuid root, or the spool directory needs to be owned by someone
other than root. I'd lean towards the first myself, but it's your
call.
I believe that under those constraints, procmail should deliver with
mode 660.
Philip Guenther
--- End Message ---