* [gentoo-user] net-mail/mailbase-1.1 and access rights of /var/spool/mail
From: Mick @ 2013-01-29 6:37 UTC
To: gentoo-user
Hi All,

I got this message when net-mail/mailbase-1.1 was emerged:

* Messages for package net-mail/mailbase-1.1:
* Your //var/spool/mail/ directory permissions differ from
* those which mailbase wants to set it to (03775).
* If you did not change them on purpose, consider running:
*
* chown root:mail //var/spool/mail/
* chmod 03775 //var/spool/mail/

Running this chmod changed access rights from:

drwxrwxr-x 2 root mail 4096 Jan 28 19:57 mail

to a sticky-fied:

drwxrwsr-t 2 root mail 4096 Jan 28 19:57 mail

Any idea why are the sticky bits for group and others required?
--
Regards,
Mick
* Re: [gentoo-user] net-mail/mailbase-1.1 and access rights of /var/spool/mail
From: Alan McKinnon @ 2013-01-29 10:19 UTC
To: gentoo-user
On Tue, 29 Jan 2013 06:37:47 +0000
Mick <michaelkintzios@gmail.com> wrote:
> Hi All,
>
> I got this message when net-mail/mailbase-1.1 was emerged:
>
> * Messages for package net-mail/mailbase-1.1:
>
> * Your //var/spool/mail/ directory permissions differ from
> * those which mailbase wants to set it to (03775).
> * If you did not change them on purpose, consider running:
> *
> * chown root:mail //var/spool/mail/
> * chmod 03775 //var/spool/mail/
>
>
> Running this chmod changed access rights from:
>
> drwxrwxr-x 2 root mail 4096 Jan 28 19:57 mail
>
> to a sticky-fied:
>
> drwxrwsr-t 2 root mail 4096 Jan 28 19:57 mail
>
>
> Any idea why are the sticky bits for group and others required?
sticky for group so that all sub-dirs and files in them are owned by
the mail group. Without it, they would be owned by the user running
"mailx" and the mail system can no longer manage them.

sticky for others is so that you can't delete my mail but you can still
create your own mail spool files. Identical logic to /tmp (assuming
that you are in the mail group)
--
Alan McKinnon
alan.mckinnon@gmail.com
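
The mode 03775 discussed above combines setgid (02000) and sticky (01000) with 0775. The script below is an added example, not part of the thread or of the mailbase ebuild: it renders a mode the way ls does and reports what it lacks relative to 03775. The function names are hypothetical, and audit_spool assumes GNU stat.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# triad BITS SPECIAL LETTER: one rwx group as ls prints it (s/t replaces x, S/T if x is clear)
triad() {
    t=""
    if [ $(( $1 & 4 )) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    case "$(( $1 & 1 )):$(( $2 != 0 ))" in
        1:0) t="${t}x" ;;
        0:0) t="${t}-" ;;
        1:1) t="${t}$3" ;;
        0:1) t="${t}$(printf %s "$3" | tr st ST)" ;;
    esac
    printf %s "$t"
}

# mode_to_ls OCTAL: 03775 -> rwxrwsr-t
mode_to_ls() {
    m=$(( 0$1 ))    # the leading 0 makes the shell read the digits as octal
    printf '%s%s%s\n' \
        "$(triad $(( (m >> 6) & 7 )) $(( m & 04000 )) s)" \
        "$(triad $(( (m >> 3) & 7 )) $(( m & 02000 )) s)" \
        "$(triad $(( m & 7 )) $(( m & 01000 )) t)"
}

# spool_findings OCTAL: what the mode lacks compared with 03775, or "ok"
spool_findings() {
    m=$(( 0$1 )); f=""
    # setgid (02000) on a directory: new entries inherit the directory's group
    if [ $(( m & 02000 )) -eq 0 ]; then f="$f no-setgid"; fi
    # sticky (01000): only the entry's owner, the directory's owner or root may delete/rename
    if [ $(( m & 01000 )) -eq 0 ] && [ $(( m & 022 )) -ne 0 ]; then
        f="$f writable-without-sticky"
    fi
    echo ${f:-ok}
}

# audit_spool DIR: apply both to a real directory (GNU stat assumed)
audit_spool() {
    info=$(stat -c '%a %U:%G' "$1") || return 2
    echo "$1: d$(mode_to_ls "${info%% *}") ${info#* } $(spool_findings "${info%% *}")"
    [ "${info#* }" = root:mail ] || echo "$1: owner ${info#* }, thread expects root:mail"
}

# The two modes from the thread: before and after the suggested chmod
for mode in 0775 03775; do
    echo "$mode d$(mode_to_ls "$mode") $(spool_findings "$mode")"
done
```

To check a live system, call audit_spool /var/spool/mail after sourcing the functions.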
* Re: [gentoo-user] net-mail/mailbase-1.1 and access rights of /var/spool/mail
From: Mick @ 2013-01-29 16:36 UTC
To: gentoo-user
On Tuesday 29 Jan 2013 10:19:16 Alan McKinnon wrote:
> On Tue, 29 Jan 2013 06:37:47 +0000
>
> Mick <michaelkintzios@gmail.com> wrote:
> > Hi All,
> >
> > I got this message when net-mail/mailbase-1.1 was emerged:
> >
> > * Messages for package net-mail/mailbase-1.1:
> > * Your //var/spool/mail/ directory permissions differ from
> > * those which mailbase wants to set it to (03775).
> > * If you did not change them on purpose, consider running:
> > *
> > * chown root:mail //var/spool/mail/
> > * chmod 03775 //var/spool/mail/
> >
> > Running this chmod changed access rights from:
> > drwxrwxr-x 2 root mail 4096 Jan 28 19:57 mail
> >
> > to a sticky-fied:
> > drwxrwsr-t 2 root mail 4096 Jan 28 19:57 mail
> >
> > Any idea why are the sticky bits for group and others required?
>
> sticky for group so that all sub-dirs and files in them are owned by
> the mail group. Without it, they would be owned by the user running
> "mailx" and the mail system can no longer manage them.
>
> sticky for others is so that you can't delete my mail but you can still
> create your own mail spool files. Identical logic to /tmp (assuming
> that you are in the mail group)
Thanks Alan, it makes sense now. No one other than mail are in the mail group
in this box (my laptop):

$ less /etc/group | grep mail
mail:x:12:mail

I have rkhunter and some cron jobs using ssmtp to email me log info, but they
have been running as root. That's why I hadn't experienced a problem with the
previous access rights. I wonder why this was picked up in the 1.1 version
and not previously - perhaps a test was added on purpose in the ebuild.
--
Regards,
Mick
* Re: [gentoo-user] net-mail/mailbase-1.1 and access rights of /var/spool/mail
From: Alan McKinnon @ 2013-01-29 19:15 UTC
To: gentoo-user
On Tue, 29 Jan 2013 16:36:06 +0000
Mick <michaelkintzios@gmail.com> wrote:
> On Tuesday 29 Jan 2013 10:19:16 Alan McKinnon wrote:
> > On Tue, 29 Jan 2013 06:37:47 +0000
> >
> > Mick <michaelkintzios@gmail.com> wrote:
> > > Hi All,
> > >
> > > I got this message when net-mail/mailbase-1.1 was emerged:
> > >
> > > * Messages for package net-mail/mailbase-1.1:
> > > * Your //var/spool/mail/ directory permissions differ from
> > > * those which mailbase wants to set it to (03775).
> > > * If you did not change them on purpose, consider running:
> > > *
> > > * chown root:mail //var/spool/mail/
> > > * chmod 03775 //var/spool/mail/
> > >
> > > Running this chmod changed access rights from:
> > > drwxrwxr-x 2 root mail 4096 Jan 28 19:57 mail
> > >
> > > to a sticky-fied:
> > > drwxrwsr-t 2 root mail 4096 Jan 28 19:57 mail
> > >
> > > Any idea why are the sticky bits for group and others required?
> >
> > sticky for group so that all sub-dirs and files in them are owned by
> > the mail group. Without it, they would be owned by the user running
> > "mailx" and the mail system can no longer manage them.
> >
> > sticky for others is so that you can't delete my mail but you can
> > still create your own mail spool files. Identical logic to /tmp
> > (assuming that you are in the mail group)
>
> Thanks Alan, it makes sense now. No one other than mail are in the
> mail group in this box (my laptop):
>
> $ less /etc/group | grep mail
> mail:x:12:mail
>
> I have rkhunter and some cron jobs using ssmtp to email me log info,
> but they have been running as root. That's why I hadn't experienced
> a problem with the previous access rights. I wonder why this was
> picked up in the 1.1 version and not previously - perhaps a test was
> added on purpose in the ebuild.
There's relevant info and bug numbers in the mailbase Changelog:

*mailbase-1.1 (12 Oct 2012)

  12 Oct 2012; Eray Aslan <eras@gentoo.org> +mailbase-1.1.ebuild:
  Make /var/spool/mail/ directory setgid and sticky - bugs #424431
  #426962 #438062 and various others
--
Alan McKinnon
alan.mckinnon@gmail.com