From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 3DBBB138740 for ; Tue, 29 Jan 2013 16:38:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6FADE21C044; Tue, 29 Jan 2013 16:37:58 +0000 (UTC) Received: from mail-wg0-f48.google.com (mail-wg0-f48.google.com [74.125.82.48]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7E0FB21C00B for ; Tue, 29 Jan 2013 16:37:56 +0000 (UTC) Received: by mail-wg0-f48.google.com with SMTP id 16so427891wgi.3 for ; Tue, 29 Jan 2013 08:37:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:from:reply-to:to:subject:date:user-agent:references :in-reply-to:mime-version:content-type:content-transfer-encoding :message-id; bh=gLKabaRetOPq+HNem2Bg/NsbT+COV93KPm/RoQAsfWo=; b=juDVnXeFw02xnB/B/4ziQbIaLz41OMOvfEReE+0PsWGRJdG3jBm8/CAOufHxOyyKdo SSZKvBnyNjyNN9J+fTWMHEzDFw+lWWcPuP5A7phVl7X20Mg8i3402vPxD6fE4YjBMti+ YkWArjVOGhyNwhk8oyes+5XmYv1LX5an9kk2MUgd7oAO6jxkvIdnwFLNQbQyU+ExsCI/ Fs59hKAzNsaI1WJRvmiqcez8m5S17Y5vv+JtRqF2gKqGxIeKgL8i0VQ2xLxeek0aVQTm vliOIO7vDKeW1BxE39O8OR3w+1lmVMGHS5J0I9hwq8JTYthyvxMwspQCgfTNUraQbMO3 CbnQ== X-Received: by 10.180.107.97 with SMTP id hb1mr3802722wib.4.1359477474747; Tue, 29 Jan 2013 08:37:54 -0800 (PST) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPS id q13sm3523065wie.0.2013.01.29.08.37.52 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 29 Jan 2013 08:37:53 -0800 (PST) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] net-mail/mailbase-1.1 and access rights of /var/spool/mail Date: Tue, 29 Jan 2013 16:36:06 +0000 User-Agent: KMail/1.13.7 (Linux/3.6.11-gentoo; KDE/4.9.5; x86_64; ; ) References: <201301290638.08057.michaelkintzios@gmail.com> <20130129121916.7e954409@khamul.example.com> In-Reply-To: <20130129121916.7e954409@khamul.example.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart9330530.xFm0L73zal"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201301291636.25822.michaelkintzios@gmail.com> X-Archives-Salt: d2aeb2fd-1703-44d5-981f-c22bffa7be78 X-Archives-Hash: 0eda66dc4ffaff049646cbbb8814c04c --nextPart9330530.xFm0L73zal Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Tuesday 29 Jan 2013 10:19:16 Alan McKinnon wrote: > On Tue, 29 Jan 2013 06:37:47 +0000 >=20 > Mick wrote: > > Hi All, > >=20 > > I got this message when net-mail/mailbase-1.1 was emerged: > >=20 > > * Messages for package net-mail/mailbase-1.1: > > * Your //var/spool/mail/ directory permissions differ from > > * those which mailbase wants to set it to (03775). > > * If you did not change them on purpose, consider running: > > * > > * chown root:mail //var/spool/mail/ > > * chmod 03775 //var/spool/mail/ > >=20 > > Running this chmod changed access rights from: > > drwxrwxr-x 2 root mail 4096 Jan 28 19:57 mail > >=20 > > to a sticky-fied: > > drwxrwsr-t 2 root mail 4096 Jan 28 19:57 mail > >=20 > > Any idea why are the sticky bits for group and others required? >=20 > sticky for group so that all sub-dirs and files in them are owned by > the mail group. Without it, they would be owned by the user running > "mailx" and the mail system can no longer manager them. >=20 > sticky for others is so that you can't delete my mail but you can still > create your own mail spool files. Identical logic to /tmp (assuming > that you are in the mail group) Thanks Alan, it makes sense now. No one other than mail are in the mail gr= oup=20 in this box (my laptop): $ less /etc/group | grep mail mail:x:12:mail I have rkhunter and some cron jobs using ssmtp to email me log info, but th= ey=20 have been running as root. That's why I hadn't experienced a problem with = the=20 previous access rights. I wonder why this was picked up in the 1.1 version= =20 and not previously - perhaps a test was added on purpose in the ebuild. =2D-=20 Regards, Mick --nextPart9330530.xFm0L73zal Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEABECAAYFAlEH+okACgkQVTDTR3kpaLaT8ACgvFypcTCoEVOSx82TXy4GvqZA Cl8AoPSBuNpHx6gmPAG43RptXF8VEZaW =M4ug -----END PGP SIGNATURE----- --nextPart9330530.xFm0L73zal--