Mailing List Archive

Support open source code!


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tlug: Mutt-J questions



>>>>> "Chris" == Chris Sekiya <chris@example.com> writes:

    Chris> On Wed, 27 Jan 1999, Stephen J. Turnbull wrote:
    >> It _does_ need to be setgid <GID of /var/spool/mail> to write
    >> lockfiles there.

    Chris> Is there something wrong with 'chmod a+rwt
    Chris> /var/spool/mail'?

Violates the principle of minimum necessary access.  movemail needs to 
be able to read/write the spool directory to use lockfiles, and to
read/write one user's spool file.  The latter is OK because movemail
runs as the user, so do the minimum needed to grant the former.

Is the `a+' a typo?  If not, does

mv /var/spool/mail/chris /var/spool/mail/.chris
ln -s /home/steve/what-is-chris-up-to /var/spool/mail/chris

fail?  I forget.  Sure and

touch /var/spool/mail/.lock.chris

(or whatever the correct lockfile is) could be annoying, and you'd
have to do a mailq explicitly to detect it.

Just guessing, none of the above are known to work, but the
possibilities seem endless.  I also don't like the `rwt'; making group
sticky means that movemail can get at other people's mail.  There was
a bug in all GNU Emacsen for a while that allowed you to read other
people's mail through a similar mechanism, although I don't recall the
details.  I guess you could fix that by chmod 0600 /var/spool/mail,
but that's not done on any of the group-per-user systems I have (one
each Debian, RedHat, TurboLinux).

FWIW, Debian uses chmod u=rwx g=rwxt o=rx.  My RPM systems aren't
online at the moment.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
__________________________________________________________________________
__________________________________________________________________________
What are those two straight lines for?  "Free software rules."
-------------------------------------------------------------------
Next Technical Meeting: February 13 (Sat), 12:30 place: Temple Univ.
** presentation: XEmacs, by Steven Baur and Martin Buchholz
Next Nomikai: March 19 (Fri), 19:30   Tengu TokyoEkiMae 03-3275-3691
-------------------------------------------------------------------
more info: http://tlug.linux.or.jp                     Sponsor: PHT


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links