[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: does fedora have anything requiring :mail rw access?



On Friday 09 October 2009 16:36:34 Mike McGrath wrote:
> On Fri, 9 Oct 2009, Michal Hlavinka wrote:
> > Hi all!
> >
> > I've got quite simple question from dovecot's upstream: Why do we have rw
> > access on mails for mail group? Why /var/mail/<username> files have 0660
> > <username>:mail permissions instead of 0600 permissions? The fact is, I
> > don't know the answer and I'd appreciate your help.
> >
> > Some facts:
> >
> > distro   | group | perm
> > ---------+-------+---------
> > Fedora   | mail  | 0660
> > Ubuntu   | mail  | 0600
> > openSuSE | users | 0600 (user is member of users group)
> > debian 4.0 | mail | 0660
> >
> > (Note: This is result of my own investigations on installed systems or
> > livecds, I don't know if any installed system had changed settings.)
> >
> > Interesting thing is, that when new user is added to the system, useradd
> > creates /var/mail/<username> file with <username>:mail 0660 permissions,
> > but when you delete this file and the user gets new email, this file will
> > be autocreated with 0600 permissions (still <username>:group owned) and
> > it seems everything still works.
> >
> > useradd command comes from shadow-utils and fedora contains no patch
> > changing permissions to 0660.
> >
> > The most important question is: Is there anything that requires these
> > files can be read and written by mail group?
> >
> > If you have any info regarding this, please share.
> 
> Just a guess, but if you run useradd from shell, your umask is likely
> 0002.  Sendmail's umask is probably 022 as set in /etc/init.d/functions

0660 is explicitly set by useradd:

                gr = getgrnam ("mail"); /* local, no need for xgetgrnam */
                if (NULL == gr) {
                        fputs (_("Group 'mail' not found. Creating the user 
mailbox file with 0600 mode.\n"),
                               stderr);
                        gid = user_gid;
                        mode = 0600;
                } else {
                        gid = gr->gr_gid;
                        mode = 0660;
                }


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]