From owner-freebsd-security Fri Jun 7 10:06:48 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA02373 for security-outgoing; Fri, 7 Jun 1996 10:06:48 -0700 (PDT) Received: from uu.elvisti.kiev.ua (acc0.elvisti.kiev.ua [193.125.28.132]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA02328 for ; Fri, 7 Jun 1996 10:06:09 -0700 (PDT) Received: from office.elvisti.kiev.ua (office.elvisti.kiev.ua [193.125.28.129]) by uu.elvisti.kiev.ua (8.7.5/8.7.3) with ESMTP id TAA26791; Fri, 7 Jun 1996 19:54:48 +0300 (EET DST) Received: (from stesin@localhost) by office.elvisti.kiev.ua (8.6.12/8.ElVisti) id TAA24303; Fri, 7 Jun 1996 19:54:47 +0300 From: "Andrew V. Stesin" Message-Id: <199606071654.TAA24303@office.elvisti.kiev.ua> Subject: Re: FreeBSD's /var/mail permissions To: dima@sivka.rdy.com (Dima Ruban) Date: Fri, 7 Jun 1996 19:54:47 +0300 (EET DST) Cc: pst@shockwave.com, security@FreeBSD.ORG In-Reply-To: <960607084817.ZM3926@sivka.rdy.com> from "Dima Ruban" at Jun 7, 96 08:48:17 am X-Mailer: ELM [version 2.4 PL24alpha5] Content-Type: text Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk # > Proposed solution: # > I'm considering creating group "mail" and going the setgid route, # > so that a program which creates files in /var/mail can be simply # > setgid mail. # # Agreed. More than that, something like a year ago (maybe even more) # I've created mail group and changed modes on /var/mail. It works just perfect # and solve me whole bunch of problems. While you men are on the topic, what about a group "logger" and have /dev/log be 0660 root:logger? instead of 666 root:wheel? (daemon should belong to logger, too) -- With best regards -- Andrew Stesin. +380 (44) 2760188 +380 (44) 2713457 +380 (44) 2713560 "You may delegate authority, but not responsibility." Frank's Management Rule #1.