On Friday 09 October 2009 16:36:34 Mike McGrath wrote:
> On Fri, 9 Oct 2009, Michal Hlavinka wrote:
> > Hi all!
> >
> > I've got a quite simple question from dovecot's upstream: Why do we have rw
> > access on mails for the mail group? Why do /var/mail/<username> files have 0660
> > <username>:mail permissions instead of 0600 permissions? The fact is, I
> > don't know the answer and I'd appreciate your help.
> >
> > Some facts:
> >
> > distro     | group | perm
> > -----------+-------+---------------------------------------
> > Fedora     | mail  | 0660
> > Ubuntu     | mail  | 0600
> > openSuSE   | users | 0600 (user is member of users group)
> > debian 4.0 | mail  | 0660
> >
> > (Note: This is the result of my own investigations on installed systems or
> > livecds, I don't know if any installed system had changed settings.)
> >
> > The interesting thing is that when a new user is added to the system, useradd
> > creates the /var/mail/<username> file with <username>:mail 0660 permissions,
> > but when you delete this file and the user gets new email, this file will
> > be autocreated with 0600 permissions (still <username>:group owned) and
> > it seems everything still works.
> >
> > The useradd command comes from shadow-utils and fedora contains no patch
> > changing permissions to 0660.
> >
> > The most important question is: Is there anything that requires that these
> > files be readable and writable by the mail group?
> >
> > If you have any info regarding this, please share.
> Just a guess, but if you run useradd from a shell, your umask is likely
> 0002. Sendmail's umask is probably 022 as set in /etc/init.d/functions.
0660 is explicitly set by useradd:
    /* useradd: pick owner group and mode for the new /var/mail/<user> file.
     * The mode is chosen here and applied explicitly, so the caller's umask
     * does not influence the result. */
    gr = getgrnam ("mail"); /* local, no need for xgetgrnam */
    if (NULL == gr) {
        fputs (_("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"),
               stderr);
        gid = user_gid;     /* no mail group: owned by the user's own group */
        mode = 0600;
    } else {
        gid = gr->gr_gid;   /* mail group exists: <user>:mail */
        mode = 0660;
    }
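The two things the thread hinges on, useradd's group/mode decision and the umask guess, can be checked directly. The following is an added example written for this page; it is not shadow-utils code and not part of the thread. It mirrors the quoted branch in a function that takes the `struct group` as a parameter (so it can be exercised without a real `mail` group on the box), and then creates two spool files under umask 022: one with an explicit fchmod(2) the way useradd does it, and one relying only on the mode passed to open(2), which is what a process that autocreates the mailbox sees. The function names, the temp-directory layout and the sample gid 12 are assumptions of this example.

```c
/* Added example for this thread; not from shadow-utils or the list posts. */
#define _DEFAULT_SOURCE 1
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Same decision useradd makes: group "mail" present -> <user>:mail 0660,
 * otherwise <user>:<user gid> 0600. Takes the group as a parameter so the
 * logic can be exercised with a constructed struct group. */
static mode_t choose_mailbox_mode(const struct group *mail_gr, gid_t user_gid,
                                  gid_t *gid_out)
{
    if (mail_gr == NULL) {
        *gid_out = user_gid;
        return 0600;
    }
    *gid_out = mail_gr->gr_gid;
    return 0660;
}

/* Create a spool file and report the permission bits it actually ends up with.
 * explicit_chmod != 0: fchmod after open, as useradd does, so umask is irrelevant.
 * explicit_chmod == 0: only the open(2) mode, so umask bits are stripped. */
static int create_spool_file(const char *path, mode_t want, int explicit_chmod,
                             mode_t *got)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, want);
    if (fd < 0)
        return -1;
    if (explicit_chmod && fchmod(fd, want) != 0) {
        close(fd);
        return -1;
    }
    struct stat st;
    if (fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }
    close(fd);
    *got = st.st_mode & 07777;
    return 0;
}

/* Run both variants under umask 022 (the init-script value mentioned in the
 * thread) inside a fresh temp dir. Returns 0 on success; results via out params. */
static int demo_umask_effect(mode_t *with_chmod, mode_t *without_chmod)
{
    char dir[] = "/tmp/spooldemo.XXXXXX";   /* assumed writable location */
    if (mkdtemp(dir) == NULL) {
        strcpy(dir, "./spooldemo.XXXXXX");  /* fall back to the working dir */
        if (mkdtemp(dir) == NULL)
            return -1;
    }
    char p1[64], p2[64];
    snprintf(p1, sizeof p1, "%s/alice", dir);   /* constructed user names */
    snprintf(p2, sizeof p2, "%s/bob", dir);
    mode_t old = umask(022);
    int rc = 0;
    if (create_spool_file(p1, 0660, 1, with_chmod) != 0)
        rc = -1;
    if (create_spool_file(p2, 0660, 0, without_chmod) != 0)
        rc = -1;
    umask(old);
    unlink(p1);
    unlink(p2);
    rmdir(dir);
    return rc;
}

int main(void)
{
    gid_t gid;
    mode_t m = choose_mailbox_mode(getgrnam("mail"), getgid(), &gid);
    printf("useradd would create /var/mail/<user> as %04o, gid %u\n",
           (unsigned)m, (unsigned)gid);
    mode_t a, b;
    if (demo_umask_effect(&a, &b) == 0)
        printf("umask 022: explicit fchmod -> %04o, open(2) mode only -> %04o\n",
               (unsigned)a, (unsigned)b);
    return 0;
}
```

Under umask 022 the fchmod path yields 0660 and the open-only path yields 0640, which is why the shell umask cannot be the explanation for useradd's 0660: the mode is set explicitly, and a mailbox autocreated by the delivery agent gets whatever that agent asks for, subject to its own umask.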