procmail

Re: [Q] setting group id of mailbox

1999-04-24 10:50:16
Yiu Kin Ho <khyiu(_at_)glink(_dot_)net(_dot_)hk> writes:
On Sat, 24 Apr 1999, Philip Guenther wrote:
Let's back up a little.  _Why_ do you want the mailboxes to be mode 660?

It is because I want to be backward compatible with mail.local or /bin/mail
in Solaris, and sendmail uses them as the local mailer in case Procmail does
not fit our requirements or bad configuration (e.g. performance overhead,
no user filtering...).  Although I know procmail gives me much more
extensions and features as a MUA, we have been using mail.local for years
and we must ensure fast recovery once we find a problem with our newly
installed procmail configuration.

That makes sense.  Alternatively, you could just do a "chmod g+w" if
you do change back.


You had previously asked:
I know I can "chmod g+s /var/mail" instead of "chmod o-w /var/mail".  I am
not sure what the impact of this setting will be on security.  Can anyone suggest?

I just checked the source and as long as the spool directory is not
owned by the user that procmail runs as, doing the "chmod g+s" will
solve both of your problems: procmail will set the spool file to mode
660, group mail.

I would strongly suggest using a user besides 'nobody' -- user 'nobody'
is special to NFS and should not own _anything_.  I would suggest
creating a user 'mspool', or something like that, with a uid that's
different from that of every other account and make the mail spool be
the _only_ thing that user owns.


Philip Guenther
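
A pre-flight check for the conditions described in the reply above, as an added example that is not part of the original message or of procmail. The function names, the delivery-user argument and the default group `mail` are assumptions; it reads ownership and mode from `ls -ld`, so it expects owner and group names without spaces.

```sh
#!/bin/sh
# audit_spool DIR DELIVERY_USER [GROUP]   (all names here are hypothetical)
#   DIR            mail spool directory, e.g. /var/mail
#   DELIVERY_USER  account procmail runs as when it delivers (you supply it)
#   GROUP          group the mailboxes should end up in (default: mail)
# Prints one line per finding; returns 0 only when there are none.

spool_field() {            # Nth whitespace-separated column of `ls -ld DIR`
    ls -ld "$1" | awk -v n="$2" '{ print $n }'
}

audit_spool() {
    dir=$1; run_user=$2; want_group=${3:-mail}; issues=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    mode=$(spool_field "$dir" 1)
    owner=$(spool_field "$dir" 3)
    group=$(spool_field "$dir" 4)

    # Character 7 of the mode string is the group-execute slot: s/S = setgid.
    case $(printf '%s' "$mode" | cut -c7) in
        s|S) ;;
        *) echo "FAIL: $dir is not setgid; fix with: chmod g+s $dir"
           issues=$((issues + 1)) ;;
    esac
    # The reply's precondition: the spool must not belong to the delivery user.
    if [ "$owner" = "$run_user" ]; then
        echo "FAIL: $dir is owned by the delivery user $run_user"
        issues=$((issues + 1))
    fi
    # 'nobody' is special to NFS and should own nothing.
    if [ "$owner" = nobody ]; then
        echo "FAIL: $dir is owned by nobody; use a dedicated account"
        issues=$((issues + 1))
    fi
    # Mailboxes are meant to come out in group $want_group.
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: $dir has group $group, expected $want_group"
        issues=$((issues + 1))
    fi
    [ "$issues" -eq 0 ] && echo "OK: $dir owner=$owner group=$group mode=$mode"
    [ "$issues" -eq 0 ]
}
```

Call it as, for example, `audit_spool /var/mail <delivery-user> mail` after changing the directory and again after any switch back to mail.local.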
