A/UX Mail files

John Sovereign john at unisoft.UUCP
Fri Jan 27 16:08:28 AEST 1989


In article <289 at berlin.acss.umn.edu> grg at berlin.acss.umn.edu (George Gonzalez) writes:
>mail files have too many permissions: i.e.:
>
>-rw-rw----  gus
>-rw-rw----  harry
>
The "feature" is the local mail delivery agent, /bin/mail, which is forcing
the modes that you observe.  As a security feature in System V,
/bin/mail is intended to be set-group-id (and not set-user-id root) and the
files in the spool directory, /usr/mail, must be writable by the group.
Since /bin/mail does not have the set-group-id bit set on A/UX, the group
id of the mail file(s) is set to the group id of the sender whose mail
happens to create the recipient's mail file.

>We'd rather have the files be -rw-------, i.e. only accessible by the owner.
>
>Any ideas?

I haven't tested either of these very thoroughly, but here goes.

(1) This is a quick fix which I believe addresses your concern, but does not
solve some other problems which also exist with forwarding of mail.

	# chmod 731 /usr/mail

This change will prevent people from reading anyone else's mail file.  Make
sure that the directory is writable by the group "bin"; this allows "mailx"
(what AT&T calls Berkeley Mail) to remove mail files by invoking
/usr/lib/mailx/rmmail (another set-group-id security feature!).

(2) This is more involved, but is probably the "right" fix.  Add an entry
to /etc/passwd with a login name of "mail" and user and group id of 6.
Add an entry in /etc/group for "mail" as well.  Then do the following.

	# chgrp mail /bin/mail /usr/mail /usr/lib/mailx/rmmail
	# chmod 2755 /bin/mail /usr/lib/mailx/rmmail
	# chmod 775 /usr/mail

I'm probably forgetting something at this hour, but it's worth a go.

John Sovereign
UniSoft Corporation
uunet!unisoft!john
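Both fixes above come down to one rule: a mail file may be readable by its owner, and by a group only when that group is the one a set-group-id delivery agent runs as (group "mail" under fix 2, or "bin" under fix 1). The shell script below, added here as an example and not part of John's post or of A/UX, audits a spool directory against that rule and also flags a spool directory that is writable by "other", since that lets anyone remove or replace a mailbox whatever the mailbox's own mode is. The helper names (audit_spool, mode_of, group_of) are assumptions of this example; it reads modes and group names from ls -l output so it runs on any Unix without GNU stat.

```shell
#!/bin/sh
# audit_spool: report mail files in a spool directory that are readable by
# anyone other than their owner, except where group access goes through the
# dedicated delivery group (the group a setgid /bin/mail would run as).
# Exit status is the number of findings (capped at 255), so 0 means clean.

# Mode string and group name of a path, e.g. "-rw-rw----" and "mail",
# taken from ls -ld so the script does not depend on GNU stat.
mode_of()  { ls -ld "$1" | awk '{print $1}'; }
group_of() { ls -ld "$1" | awk '{print $4}'; }

audit_spool() {
    spool="$1"      # spool directory, e.g. /usr/mail
    mailgrp="$2"    # delivery group: "mail" under fix 2, "bin" under fix 1
    bad=0

    # A spool directory writable by "other" lets anyone remove or replace a
    # mailbox regardless of the mailbox's own mode (731 and 775 are both fine).
    dmode=$(mode_of "$spool")
    case "$dmode" in
        d???????w*) echo "DIR  $spool is world-writable ($dmode)"; bad=$((bad + 1)) ;;
    esac

    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        fmode=$(mode_of "$f")
        fgrp=$(group_of "$f")
        gobits=$(printf '%s\n' "$fmode" | cut -c5-10)   # group and other bits
        case "$gobits" in
            ------) ;;                                   # private to the owner
            rw----|-w----)
                # Group access is acceptable only for the delivery group.
                if [ "$fgrp" != "$mailgrp" ]; then
                    echo "FILE $f group-accessible via '$fgrp', not '$mailgrp' ($fmode)"
                    bad=$((bad + 1))
                fi ;;
            *) echo "FILE $f readable or writable by others ($fmode)"; bad=$((bad + 1)) ;;
        esac
    done

    if [ "$bad" -gt 255 ]; then bad=255; fi
    return $bad
}

# Stand-alone usage: sh audit_spool.sh /usr/mail mail
if [ $# -eq 2 ]; then
    audit_spool "$1" "$2" && echo "OK: $1 has no over-permissive mail files"
fi
```

Run it as `sh audit_spool.sh /usr/mail mail` after applying fix 2, or with `bin` as the group after fix 1; a mailbox such as the "-rw-rw---- harry" in the original complaint is reported whenever its group is anything other than the delivery group, and a 0644 mailbox is always reported.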
