Date: Tue, 29 Oct 1996 07:35:54 +0100
From: roberto@keltia.freenix.fr (Ollivier Robert)
To: current@FreeBSD.org
Cc: MRC@CAC.Washington.EDU (Mark Crispin)
Subject: Re: /var/mail (was: re: Help, permission problems...)
Message-ID: <199610290635.HAA05491@keltia.freenix.fr>
In-Reply-To: <Pine.NEB.3.95.961028175432.24970C-100000@quagmire.ki.net>; from Marc G. Fournier on Oct 28, 1996 17:57:52 -0500
References: <MailManager.846538027.8148.mrc@Ikkoku-Kan.Panda.COM> <Pine.NEB.3.95.961028175432.24970C-100000@quagmire.ki.net>

According to Marc G. Fournier:
[Mark Crispin]
> > Let's start with the easy part: the permissions (drwxr-xr-x or 0755) on
> > /var/mail are wrong. They should be (drwxrwxrwt or 01777); in other words,
> > "world write" with the "sticky bit". 0755 has always been wrong.

> The only one I didn't think of trying :(

Good. Because this is wrong. Having /var/mail 1777 opens you to various DoS
attacks. Having it 755 enables:

- use of fcntl locking,
- use of non setgid mailer

1777 has always been wrong. It is needed if:

1- dot-locking is used,
2- you need to create the folder.

1- is not a good locking scheme IMO and 2- is not needed because the folder
is created by mail.local/procmail.

> None of the above...I ran 'make hierarchy' when I upgraded my FreeBSD
> Mail server...they seem to believe that /var/mail should be 755, it seems...
> CC'ing this to the FreeBSD Mailing list...

If imapd needs 1777 it needs to be fixed IMO.

> > Error creating /var/mail/foo.lock: Permission denied
> > then you need to discern why the user (probably "foo") gets a "Permission
> > denied" from the OS when he tries to create the file "/var/mail/foo.lock".

If one uses imapd, then one doesn't need dot locking!

> Yes, sorry...I didn't have a copy of the error message in front of
> me when I sent the email...it was meant as an approximation (a bad one it
> seems)...but it was good enough that you were able to give me the answer
> I required

Sorry, in my opinion, this is bad and broken.
--
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #26: Sun Oct 27 19:39:11 MET 1996
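
The two locking schemes contrasted in the message above, as an added example that is not part of the original e-mail or of any mailer's source: dot-locking has to create a file in the spool directory, while fcntl locking works on the already-open mailbox. The function names and the /tmp/demo_mbox default path are assumptions made for illustration.

```c
/* Added example: the two mailbox locking schemes from the message above. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Dot-locking: atomically create "<mbox>.lock" beside the mailbox.
 * This needs write permission on the spool directory itself. */
int dot_lock(const char *mbox)
{
    char path[4096];
    snprintf(path, sizeof path, "%s.lock", mbox);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;   /* EACCES: directory not writable; EEXIST: lock already present */
    close(fd);
    return 0;
}

int dot_unlock(const char *mbox)
{
    char path[4096];
    snprintf(path, sizeof path, "%s.lock", mbox);
    return unlink(path);
}

/* fcntl locking: advisory lock on the open mailbox descriptor.
 * Nothing is created in the directory; write access to the mailbox suffices. */
int fcntl_set(int fd, short type)   /* type: F_WRLCK or F_UNLCK */
{
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0 };
    return fcntl(fd, F_SETLK, &fl);  /* non-blocking; -1 if another process holds it */
}

int main(int argc, char **argv)
{
    const char *mbox = argc > 1 ? argv[1] : "/tmp/demo_mbox";  /* constructed default */
    int fd = open(mbox, O_RDWR | O_CREAT, 0600);
    if (fd < 0) { perror("open"); return 1; }
    printf("fcntl lock: %s\n", fcntl_set(fd, F_WRLCK) == 0 ? "ok" : strerror(errno));
    fcntl_set(fd, F_UNLCK);
    printf("dot lock:   %s\n", dot_lock(mbox) == 0 ? "ok" : strerror(errno));
    dot_unlock(mbox);
    close(fd);
    return 0;
}
```

Run against an existing mailbox in a 0755 spool as its owner, the fcntl lock succeeds and the dot lock reports "Permission denied", the same error quoted in the thread.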