
List:       gentoo-user
Subject:    Re: [gentoo-user] net-mail/mailbase-1.1 and access rights of /var/spool/mail
From:       Alan McKinnon <alan.mckinnon () gmail ! com>
Date:       2013-01-29 19:15:21
Message-ID: 20130129211521.17b9f4f8 () khamul ! example ! com

On Tue, 29 Jan 2013 16:36:06 +0000
Mick <michaelkintzios@gmail.com> wrote:

> On Tuesday 29 Jan 2013 10:19:16 Alan McKinnon wrote:
> > On Tue, 29 Jan 2013 06:37:47 +0000
> > 
> > Mick <michaelkintzios@gmail.com> wrote:
> > > Hi All,
> > > 
> > > I got this message when net-mail/mailbase-1.1 was emerged:
> > > 
> > > * Messages for package net-mail/mailbase-1.1:
> > >  * Your //var/spool/mail/ directory permissions differ from
> > >  *   those which mailbase wants to set it to (03775).
> > >  *   If you did not change them on purpose, consider running:
> > >  *
> > >  *     chown root:mail //var/spool/mail/
> > >  *     chmod 03775 //var/spool/mail/
> > > 
> > > Running this chmod changed access rights from:
> > >   drwxrwxr-x  2 root mail 4096 Jan 28 19:57 mail
> > > 
> > > to a sticky-fied:
> > >   drwxrwsr-t  2 root mail 4096 Jan 28 19:57 mail
> > > 
> > > Any idea why the sticky bits for group and others are required?
> > 
> > sticky for group so that all sub-dirs and files in them are owned by
> > the mail group. Without it, they would be owned by the user running
> > "mailx" and the mail system can no longer manage them.
> > 
> > sticky for others is so that you can't delete my mail but you can
> > still create your own mail spool files. Identical logic to /tmp
> > (assuming that you are in the mail group)
> 
> Thanks Alan, it makes sense now.  No one other than mail is in the
> mail group on this box (my laptop):
> 
> $ less /etc/group | grep mail
> mail:x:12:mail
> 
> I have rkhunter and some cron jobs using ssmtp to email me log info,
> but they have been running as root.  That's why I hadn't experienced
> a problem with the previous access rights.  I wonder why this was
> picked up in the 1.1 version and not previously - perhaps a test was
> added on purpose in the ebuild.

There's relevant info and bug numbers in the mailbase Changelog:

*mailbase-1.1 (12 Oct 2012)

  12 Oct 2012; Eray Aslan <eras@gentoo.org> +mailbase-1.1.ebuild:
  Make /var/spool/mail/ directory setgid and sticky - bugs #424431
  #426962 #438062 and various others


-- 
Alan McKinnon
alan.mckinnon@gmail.com
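
An audit check for the 03775 mode discussed in this thread, added here as an example (it is not part of the original message or of the mailbase ebuild). The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a spool directory against mode 03775.
# Function names are hypothetical; GNU stat (coreutils) is assumed.

# spool_mode DIR: print the octal mode padded to four digits, e.g. 3775.
spool_mode() {
    m=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    printf '%04d\n' "$m"
}

# spool_findings DIR [OWNER:GROUP]: one line per deviation, none if compliant.
spool_findings() {
    mode=$(spool_mode "$1") || { echo "cannot stat $1"; return 0; }
    special=${mode%???}   # leading digit: 4=setuid, 2=setgid, 1=sticky
    perms=${mode#?}       # user/group/other rwx digits
    case $special in
        2|3|6|7) ;;
        *) echo "setgid missing: new files take the creator's group, not the directory's" ;;
    esac
    case $special in
        1|3|5|7) ;;
        *) echo "sticky missing: anyone with write access can delete other users' files" ;;
    esac
    case $special in
        4|5|6|7) echo "setuid set: not part of 03775" ;;
    esac
    [ "$perms" = 775 ] || echo "permission bits are $perms, expected 775"
    if [ -n "$2" ]; then
        owner=$(stat -c '%U:%G' "$1")
        [ "$owner" = "$2" ] || echo "owner is $owner, expected $2"
    fi
    return 0
}

# Constructed demo on a scratch directory; no root needed.
d=$(mktemp -d) && chmod 0775 "$d"
echo "mode $(spool_mode "$d"):"; spool_findings "$d"
chmod 3775 "$d"
echo "mode $(spool_mode "$d"):"; spool_findings "$d"
rmdir "$d"
```

On a real system the call would be `spool_findings /var/spool/mail root:mail`, matching the chown and chmod lines in the ebuild message quoted above.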

