From: Matthew Seaman
To: Ed Budd
Cc: freebsd-questions@freebsd.org
Date: Wed, 7 Jan 2004 11:47:03 +0000
Subject: Re: rationale for /var/spool/mqueue permissions with 5.1R

On Tue, Jan 06, 2004 at 09:59:31PM -0500, Ed Budd wrote:
> I've been working my way through the sendmail "bat" book (not
> *ALWAYS* the most exciting read but informative nonetheless) and
> have come across a recommendation to ensure that /var/spool/mqueue is
> set as root-owned with mode of 0700.
>
> However, it appears that by default the permissions on 5.1R are thus (at
> least on my two boxes):
>
> root:daemon
> drwxr-xr-x
>
> My question is: why are these permissions set this way or, perhaps more
> to the point, what (if anything) am I likely to break if I change them
> to the recommendations in the book?

It's the same in all recent versions of FreeBSD. Having
/var/spool/mqueue as mode 755 means that anyone can use the 'mailq'
command to see how many messages are queued up. Of course, the queue
files themselves are generated mode 600 so you need to be root in
order to get any more information out of them, like who the message is
to and why it is sitting in the queue. Other commands like 'hoststat'
will be similarly affected.

Changing the /var/spool/mqueue directory permissions to 700 shouldn't
have any bad consequences for sendmail(8) itself though. The same is
not true of /var/spool/clientmqueue, which has to be at least mode 770
and owned by smmsp:smmsp.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
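
An added example, not part of the original message or of sendmail: a small audit that checks the two spool directories and the queue files against the modes and owners discussed above. The function names and the `strict` switch are assumptions made for illustration, and the check for group/other write bits goes beyond what the thread states.

```python
import grp
import os
import pwd
import stat

def check_mqueue(mode, owner, strict=True):
    """Findings for mqueue; strict (assumed knob) applies the book's root/0700 advice."""
    findings = []
    if owner != "root":
        findings.append(f"owner {owner}: expected root")
    if mode & 0o022:  # beyond the thread: write bits are flagged even when not strict
        findings.append(f"mode {mode:04o}: group or other can write to the queue")
    elif strict and mode & 0o077:
        findings.append(f"mode {mode:04o}: non-root users can list the queue "
                        "(mailq, hoststat); the book recommends 0700")
    return findings

def check_clientmqueue(mode, owner, group):
    """Findings for clientmqueue: owned by smmsp:smmsp and at least mode 770."""
    findings = []
    if (owner, group) != ("smmsp", "smmsp"):
        findings.append(f"owner {owner}:{group}: expected smmsp:smmsp")
    if mode & 0o770 != 0o770:
        findings.append(f"mode {mode:04o}: below the required 0770")
    return findings

def check_queue_file(mode):
    """Queue files are created mode 600; any group/other bit exposes message details."""
    return [] if mode & 0o077 == 0 else [f"mode {mode:04o}: expected 0600"]

def snapshot(path):
    """Return (permission bits, owner name, group name) for a real path."""
    st = os.stat(path)
    return (stat.S_IMODE(st.st_mode), pwd.getpwuid(st.st_uid).pw_name,
            grp.getgrgid(st.st_gid).gr_name)

def audit(mqueue="/var/spool/mqueue", client="/var/spool/clientmqueue", strict=True):
    """Run every check against the live system; returns {path: [findings]}."""
    mode, owner, _ = snapshot(mqueue)
    report = {mqueue: check_mqueue(mode, owner, strict),
              client: check_clientmqueue(*snapshot(client))}
    for entry in os.scandir(mqueue):  # needs root once the directory is 0700
        if entry.is_file(follow_symlinks=False):
            if bad := check_queue_file(stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)):
                report[entry.path] = bad
    return report

if __name__ == "__main__":
    for path, findings in audit().items():
        print(path, *(findings or ["ok"]), sep="\n    ")
```

Run it as root on the mail host; pass `strict=False` to `audit()` to accept the FreeBSD default of 755 on /var/spool/mqueue while still checking ownership, write bits and queue-file modes.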