Date: Tue, 29 Jan 2013 21:15:21 +0200
From: Alan McKinnon <alan.mckinnon@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] net-mail/mailbase-1.1 and access rights of
 /var/spool/mail
Message-ID: <20130129211521.17b9f4f8@khamul.example.com>
In-Reply-To: <201301291636.25822.michaelkintzios@gmail.com>
References: <201301290638.08057.michaelkintzios@gmail.com>
	<20130129121916.7e954409@khamul.example.com>
	<201301291636.25822.michaelkintzios@gmail.com>
Organization: Internet Solutions

On Tue, 29 Jan 2013 16:36:06 +0000
Mick <michaelkintzios@gmail.com> wrote:

> On Tuesday 29 Jan 2013 10:19:16 Alan McKinnon wrote:
> > On Tue, 29 Jan 2013 06:37:47 +0000
> > 
> > Mick <michaelkintzios@gmail.com> wrote:
> > > Hi All,
> > > 
> > > I got this message when net-mail/mailbase-1.1 was emerged:
> > > 
> > > * Messages for package net-mail/mailbase-1.1:
> > >  * Your //var/spool/mail/ directory permissions differ from
> > >  *   those which mailbase wants to set it to (03775).
> > >  *   If you did not change them on purpose, consider running:
> > >  *
> > >  *     chown root:mail //var/spool/mail/
> > >  *     chmod 03775 //var/spool/mail/
> > > 
> > > Running this chmod changed access rights from:
> > >   drwxrwxr-x  2 root mail 4096 Jan 28 19:57 mail
> > > 
> > > to a sticky-fied:
> > >   drwxrwsr-t  2 root mail 4096 Jan 28 19:57 mail
> > > 
> > > Any idea why the sticky bits for group and others are required?
> > 
> > sticky for group so that all sub-dirs and files in them are owned by
> > the mail group. Without it, they would be owned by the user running
> > "mailx" and the mail system can no longer manage them.
> > 
> > sticky for others is so that you can't delete my mail but you can
> > still create your own mail spool files. Identical logic to /tmp
> > (assuming that you are in the mail group)
> 
> Thanks Alan, it makes sense now.  No one other than mail is in the
> mail group in this box (my laptop):
> 
> $ less /etc/group | grep mail
> mail:x:12:mail
> 
> I have rkhunter and some cron jobs using ssmtp to email me log info,
> but they have been running as root.  That's why I hadn't experienced
> a problem with the previous access rights.  I wonder why this was
> picked up in the 1.1 version and not previously - perhaps a test was
> added on purpose in the ebuild.

There's relevant info and bug numbers in the mailbase Changelog:

*mailbase-1.1 (12 Oct 2012)

  12 Oct 2012; Eray Aslan <eras@gentoo.org> +mailbase-1.1.ebuild:
  Make /var/spool/mail/ directory setgid and sticky - bugs #424431
  #426962 #438062 and various others


-- 
Alan McKinnon
alan.mckinnon@gmail.com
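
Added example, not part of the original message or of the mailbase ebuild: a shell check that decodes the special bits in a mode such as 03775 and audits a directory against it, run here on a constructed scratch directory rather than the real /var/spool/mail. The names `special_bits`, `audit_spool` and `demo` are hypothetical, and it assumes a `stat` that supports `-c '%a'` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: audit a spool directory against the mode mailbase-1.1 asks for.
EXPECTED_MODE=3775   # 2000 setgid + 1000 sticky + 775 (rwxrwxr-x)

# Name the special bits in an octal mode string ("03775" -> "setgid sticky").
special_bits() {
    m=$((0$1)); out=""
    if [ $((m & 04000)) -ne 0 ]; then out="$out setuid"; fi
    if [ $((m & 02000)) -ne 0 ]; then out="$out setgid"; fi
    if [ $((m & 01000)) -ne 0 ]; then out="$out sticky"; fi
    echo "${out# }"
}

# Return 0 if the directory has the expected mode, else print findings and return 1.
audit_spool() {
    actual=$(stat -c '%a' "$1") || return 2      # octal mode, e.g. 775 or 3775
    if [ $((0$actual)) -eq $((0$EXPECTED_MODE)) ]; then
        echo "OK   $1 mode $actual ($(special_bits "$actual"))"
        return 0
    fi
    echo "DIFF $1 mode $actual, expected $EXPECTED_MODE"
    if [ $((0$actual & 02000)) -eq 0 ]; then
        echo "     setgid missing: new files get the creator's group, not the directory's"
    fi
    if [ $((0$actual & 01000)) -eq 0 ]; then
        echo "     sticky missing: anyone with write access can delete others' files"
    fi
    return 1
}

# Demo on a constructed scratch directory (not the real /var/spool/mail).
demo() {
    d=$(mktemp -d) || return 1
    chmod 0775 "$d";  audit_spool "$d" || true   # the "before" mode from the thread
    chmod 03775 "$d"; audit_spool "$d" || true   # the mode mailbase-1.1 wants
    mkdir "$d/sub"                               # subdirectories inherit setgid on Linux
    echo "sub-directory bits: $(special_bits "$(stat -c '%a' "$d/sub")")"
    rm -rf "$d"
}
demo
```

To audit a real system, call `audit_spool /var/spool/mail` and also confirm the owner and group are root:mail, which this check does not cover.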