Justin followed up,
| Some of our users have been complaining that we've had to change
| permissions on their home dirs in our development environment, saying
| that the test is now invalid because it doesn't match production. I
| wanted to be able to tell them with certainty why the perm changes were
| necessary, and had suspected that it was a security issue, but didn't
| want to say so without an authoritative answer on the subject.
I'm wondering if your setup gives every user a separate login group. If
that's the case, procmail has a compile-time option called GROUP_PER_USER
that you can set. If it's on, procmail will not treat writability by the
user's login group as a security problem. Then you can recompile procmail
and your users can leave the permissions on their home directories alone.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail