procmail

Re: Procmail lock

2005-09-25 08:13:49
On 9/24/05, Sebastian Luque <spluque(_at_)gmail(_dot_)com> wrote:
> > Check the permissions on /var/mail and make sure it's chmod 1777 with the
> > sticky bit.....
> 
> Resuscitating this thread as I'm experiencing this problem too.  What does
> "sticky bit" mean here?  Sorry, I'm not familiar with all this jargon and
> just getting acquainted with procmail.

% man chmod
...
MODES
     Modes may be absolute or symbolic.  An absolute mode is an octal number
     constructed from the sum of one or more of the following values:

           4000    (the set-user-ID-on-execution bit) Executable files with
                   this bit set will run with effective uid set to the uid of
                   the file owner.  Directories with the set-user-id bit set
                   will force all files and sub-directories created in them to
                   be owned by the directory owner and not by the uid of the
                   creating process, if the underlying file system supports
                   this feature: see chmod(2) and the suiddir option to
                   mount(8).
           2000    (the set-group-ID-on-execution bit) Executable files with
                   this bit set will run with effective gid set to the gid of
                   the file owner.
           1000    (the sticky bit) See chmod(2) and sticky(8).

% man 2 chmod
...
     If mode ISVTX (the `sticky bit') is set on a directory, an unprivileged
     user may not delete or rename files of other users in that directory. The
     sticky bit may be set by any user on a directory which the user owns or
     has appropriate permissions.  For more details of the properties of the
     sticky bit, see sticky(8).

% man 8 sticky
     A special file mode, called the sticky bit (mode S_ISVTX), is used to
     indicate special treatment for shareable executable files and
     directories.  See chmod(2) or the file /usr/include/sys/stat.h for an
     explanation of file modes.

In short, you can create a directory with mode 1777 which looks like
it is a wide open directory where chaos reigns and anyone can delete
anything.  But since the sticky bit is set, when I create a file in
the directory and set its permissions to 600, those permissions
basically override the permissions of the directory.  Since the file
is only readable/writeable by me, no one else can look at it, delete
it, or modify it.  The 777 permissions on the directory allow me to
create a file, but don't allow anyone else to mung it.

The mail spool and the tmp directory have to be 1777 to be useful.

--
<http://2blog.kreme.com/>
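As an added illustration (not part of the thread above), here is a small POSIX sh check for the advice given in it: a shared spool or tmp directory should be world-writable with the sticky bit set (mode 1777, shown by ls as drwxrwxrwt), because without the sticky bit a world-writable directory lets any local user delete or rename other users' mailboxes and lock files. It reads the mode from `ls -ld` rather than `stat` so it works on both BSD and GNU userlands, and the `demo` function exercises the three cases on a scratch directory created with `mktemp -d` instead of touching /var/mail. The function names and the scratch-directory layout are assumptions for the example.

```shell
#!/bin/sh
# Added example for the sticky-bit discussion above; not code from the
# procmail project or the thread. Function names are illustrative.

dir_mode() {
    # Print the 10-character permission field from ls -ld, e.g. "drwxrwxrwt".
    # cut -c1-10 also drops a trailing "+" or "@" that ls prints for ACLs.
    ls -ld "$1" | cut -c1-10
}

check_spool_dir() {
    # Usage: check_spool_dir /var/mail
    # Returns 0 for mode 1777 (world-writable, sticky), 1 otherwise, 2 on error.
    d=$1
    if [ ! -d "$d" ]; then
        echo "$d: not a directory" >&2
        return 2
    fi
    m=$(dir_mode "$d") || return 2
    case "$m" in
        d???????wt)
            # World-writable and sticky: anyone can create files here, but an
            # unprivileged user may not delete or rename files owned by others.
            echo "$d: $m ok (world-writable with sticky bit)"
            return 0 ;;
        d???????w?)
            # World-writable without the sticky bit: any local user can remove
            # or rename another user's mailbox or lock file.
            echo "$d: $m WARNING: world-writable but no sticky bit (want 1777)" >&2
            return 1 ;;
        *)
            # Not world-writable: unprivileged deliveries and lock creation fail.
            echo "$d: $m not world-writable (want 1777)" >&2
            return 1 ;;
    esac
}

demo() {
    # Show all three outcomes on a scratch directory (constructed, not /var/mail).
    t=$(mktemp -d) || return 2
    mkdir "$t/spool"
    chmod 1777 "$t/spool"; check_spool_dir "$t/spool" || :
    chmod 0777 "$t/spool"; check_spool_dir "$t/spool" || :
    chmod 0755 "$t/spool"; check_spool_dir "$t/spool" || :
    rm -rf "$t"
}

# Run "sh thisfile.sh demo" to see the three cases printed.
if [ "${1:-}" = demo ]; then
    demo
fi
```

Note that the lowercase `t` in the pattern means the sticky bit plus world execute (the 1777 case); a capital `T` would mean sticky without execute, which is not a usable spool directory and is correctly rejected.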


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
