From owner-freebsd-questions@FreeBSD.ORG Tue Jan 9 18:18:18 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DB82D16A407 for ; Tue, 9 Jan 2007 18:18:18 +0000 (UTC) (envelope-from chandler@chapman.edu) Received: from calais.chapman.edu (calais.chapman.edu [192.77.116.205]) by mx1.freebsd.org (Postfix) with ESMTP id C70EE13C469 for ; Tue, 9 Jan 2007 18:18:18 +0000 (UTC) (envelope-from chandler@chapman.edu) Received: from [206.211.142.181] (ist181.chapman.edu [206.211.142.181]) by calais.chapman.edu (Postfix) with ESMTP id CABC42E9EB for ; Tue, 9 Jan 2007 10:18:20 -0800 (PST) Message-ID: <45A3DC60.7090209@chapman.edu> Date: Tue, 09 Jan 2007 10:18:08 -0800 From: Jay Chandler User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <45A2884F.7010405@chapman.edu> <200701091449.01739.malcolm.kay@internode.on.net> In-Reply-To: <200701091449.01739.malcolm.kay@internode.on.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Chapman-MailScanner-Information: Please contact the ISP for more information X-Chapman-MailScanner: Found to be clean X-Chapman-MailScanner-From: chandler@chapman.edu X-Spam-Status: No Subject: Re: Permissions Question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jan 2007 18:18:18 -0000 Malcolm Kay wrote: > I am confused (or someone is). > On all the FreeBSD systems I have immediate access to the file > /etc/mail/aliases has the default permissions -rw-r--r--, in > other words is readable by anyone. On the other > hand /etc/mail/aliases.db is sometimes -rw-r----- and sometimes > -rw-r--r-- but since it is only an encoded version of aliases > and additional restrictions would seem useless. > > I can imagine some might object to reason setting either of these > o+r, but this does seem to be the norm. > > Perhaps someone else has other views. Or perhaps this is some > variation when using profix, qmail etc. in place of sendmail. > > Malcolm > > Postfix is the MTA, but the file itself is NFS shared between all the mailservers, and furthermore is used as part of a script that expects things to be "just so." I inherited this setup, and don't dare start changing the permissions on key files until I understand what every part of the equation expects to see-- an example would be the user mailboxes, wherein the permissions were set incorrectly causing Sendmail to choke (dontblamesendmail has more on this for the curious). -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: user to computer ratio too high.