From owner-freebsd-questions@FreeBSD.ORG Tue Jan 9 04:19:13 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9C52216A407 for ; Tue, 9 Jan 2007 04:19:13 +0000 (UTC) (envelope-from malcolm.kay@internode.on.net) Received: from ipmail01.adl2.internode.on.net (ipmail01.adl2.internode.on.net [203.16.214.140]) by mx1.freebsd.org (Postfix) with ESMTP id 1AFCF13C44C for ; Tue, 9 Jan 2007 04:19:12 +0000 (UTC) (envelope-from malcolm.kay@internode.on.net) Received: from ppp125-203.lns2.adl4.internode.on.net (HELO alpha.home) ([121.44.125.203]) by ipmail01.adl2.internode.on.net with ESMTP; 09 Jan 2007 14:49:03 +1030 X-IronPort-AV: i="4.13,161,1167571800"; d="scan'208"; a="71466182:sNHT18780407422" From: Malcolm Kay Organization: at home To: freebsd-questions@freebsd.org Date: Tue, 9 Jan 2007 14:49:01 +1030 User-Agent: KMail/1.8 References: <45A2884F.7010405@chapman.edu> In-Reply-To: <45A2884F.7010405@chapman.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200701091449.01739.malcolm.kay@internode.on.net> Cc: Jay Chandler Subject: Re: Permissions Question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jan 2007 04:19:13 -0000 On Tue, 9 Jan 2007 04:37 am, Jay Chandler wrote: > Sorry for the dumb question this morning-- caffeine hasn't yet > worked its wondrous magic upon my person. > > I've got a user who needs to be able to view (read only) the > aliases file. We'll grant him root access a few weeks after > the eventual heat-death of the universe, so how would you all > go about doing this? > > I've considered allowing him to run a local copy of the > praliases command, but that chokes on the /etc/mail/aliases > permissions... I am confused (or someone is). On all the FreeBSD systems I have immediate access to the file /etc/mail/aliases has the default permissions -rw-r--r--, in other words is readable by anyone. On the other hand /etc/mail/aliases.db is sometimes -rw-r----- and sometimes -rw-r--r-- but since it is only an encoded version of aliases and additional restrictions would seem useless. I can imagine some might object to reason setting either of these o+r, but this does seem to be the norm. Perhaps someone else has other views. Or perhaps this is some variation when using profix, qmail etc. in place of sendmail. Malcolm > > To complicate things, the file etc/mail/aliases is actually > an NFS mounted file shared between all our mx boxes, and he > only needs to access it from a designated machine. > > Thoughts? My apologies if this is unclear...