
RE: Directory and Mailbox permissions?

2000-07-17 00:14:08
I found this at
http://www.procmail.org/jari/pm-tips-body.html#procmail_changes_mailbox_and_directory

" when the UMASK environment variable is more restrictive
than the mode of the mailbox, procmail changes the mode of
the mailbox. The default value of UMASK is 077. If you want
to preserve the group access to your mailbox, I think you
can set UMASK to 007 in the rcfile:

             UMASK = 007

Further note: the above UMASK suggestion in .procmailrc does
not work. See comment by Gjermund Sørseth gjermund(_at_)nextel(_dot_)no "

It is true, I tried this and it didn't work.. My system does
not use ACLs..

It works.  It works for me on two different systems.  One is under
Sun4, the other, a SuSE linux box.  The first uses 3.11pre4, the
second, 3.11pre7.

You have to delete (or chmod) the file with restrictive UMASK
permissions before testing further.  If you just have an existing
file and try the UMASK in the rc, it won't reset the existing
file.  My understanding is that UMASK is the file *creation*
environment; not equivalent to chmod, which sets the perms
on *existing* files.


What is strange is that procmail should be using the default
UMASK of 077 and it is not.. I'm starting to think that this
"feature" is hardcoded.. even

The "sticky bit" on the maildir has likely been set by the
sysadmin.  What are the results of "ls -ld ."?  Do you see
a capital-"S" in there somewhere, or something else unusual?
Maybe you can post what the long-listed files in the dir
look like.

if I could change the UMASK how can I adjust the default
group? and why the wheel group? I find it very strange
that it would be so careless by default..

Procmail does not have a careless default.  Is it compiled
suid-root?  All mail in /var/spool/mail (or wherever your
system puts its user mail) with one group, even wheel,
is not unheard-of.  If files are all chmodded properly,
so that only each user owns and can read his mail-file,
then it is probably secure.  Are files created by the system
without procmail running also group "wheel"?  What kind
of system is it?  What version of procmail?

Any suggestions on the portion of code I should modify? Is
this a procmail bug? I've been working on this for two days
now..

Well, you can easily run chmod via a pipe in a recipe in
procmail, if you're intent on doing that.

        :0c
        |chmod whatever

Probably chgrp, too, though I never tried it.

--
Dallman Ross <dman(_at_)nomotek(_dot_)com>
U.S. Voicemail/FAX: +1 (415) 680-2388
Residence Telephone: +49 (0) 6122 / 98 04 46
Cellular Telephone: +49 (0) 177 / 515 34 69
Fight Spam! Join CAUCE! == http://www.cauce.org/ or
http://www.euro.cauce.org/
N.B.: For no auto-reply, use <mailto:dman+noacks(_at_)nomotek(_dot_)com>
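
The creation-versus-chmod point made in the reply above, as an added shell example that is not part of the original message. It assumes plain shell redirection as a stand-in for procmail delivery and uses a constructed temporary "mailbox"; `mode_of` and `umask_demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added demonstration: umask applies only when a file is created. An
# existing mailbox keeps its mode until it is chmodded or recreated.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a constructed mailbox under umask 077, then write to it again
# under umask 007: once onto the existing file, once after deleting it.
# Echoes three modes: initial, after append, after delete-and-recreate.
umask_demo() {
    dir=$(mktemp -d) || return 1
    box="$dir/mailbox"
    (
        umask 077
        echo "From constructed-sender message 1" >> "$box"
        first=$(mode_of "$box")       # created with 666 & ~077 = 600

        umask 007
        echo "From constructed-sender message 2" >> "$box"
        second=$(mode_of "$box")      # existing file: mode unchanged

        rm -f "$box"
        echo "From constructed-sender message 3" >> "$box"
        third=$(mode_of "$box")       # recreated with 666 & ~007 = 660

        echo "$first $second $third"
    )
    rm -rf "$dir"
}

umask_demo
```
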


