Hi all!
I've got a quite simple question from dovecot's upstream: Why do we have rw access on mails for the mail group? Why do /var/mail/<username> files have 0660 <username>:mail permissions instead of 0600 permissions? The fact is, I don't know the answer and I'd appreciate your help.
Some facts:
distro     | group | perm
-----------+-------+---------
Fedora     | mail  | 0660
Ubuntu     | mail  | 0600
openSuSE   | users | 0600 (user is member of users group)
debian 4.0 | mail  | 0660
(Note: This is the result of my own investigation on installed systems or live CDs; I don't know whether any installed system had changed settings.)
The interesting thing is that when a new user is added to the system, useradd creates the /var/mail/<username> file with <username>:mail 0660 permissions, but when you delete this file and the user gets new email, the file is autocreated with 0600 permissions (still <username>:group owned) and everything still seems to work.
The useradd command comes from shadow-utils, and Fedora contains no patch changing the permissions to 0660.
The most important question is: Is there anything that requires that these files can be read and written by the mail group?
If you have any info regarding this, please share.
Thanks, Michal Hlavinka
Michal Hlavinka wrote:
On Friday 09 October 2009 15:31:45 Michal Hlavinka wrote:
The most important question is: Is there anything that requires that these files can be read and written by the mail group?
Well, I already know of one: cyrus-imapd most probably requires mail rw. Is there anything else?
The default exim config says:
# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.
Neal Becker wrote:
Michal Hlavinka wrote:
On Friday 09 October 2009 15:31:45 Michal Hlavinka wrote:
The most important question is: Is there anything that requires that these files can be read and written by the mail group?
Well, I already know of one: cyrus-imapd most probably requires mail rw. Is there anything else?
The default exim config says:
# This transport is used for local delivery to user mailboxes in
# traditional BSD mailbox format. By default it will be run under the uid
# and gid of the local user, and requires the sticky bit to be set on the
# /var/mail directory.
# Some systems use the alternative approach of running mail deliveries
# under a particular group instead of using the sticky bit. The commented
# options below show how this can be done.
I should have been clearer: the default exim config uses the mail group method:

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
On Fri, 9 Oct 2009, Michal Hlavinka wrote:
Hi all!
I've got a quite simple question from dovecot's upstream: Why do we have rw access on mails for the mail group? Why do /var/mail/<username> files have 0660 <username>:mail permissions instead of 0600 permissions? The fact is, I don't know the answer and I'd appreciate your help.
Some facts:
distro     | group | perm
-----------+-------+---------
Fedora     | mail  | 0660
Ubuntu     | mail  | 0600
openSuSE   | users | 0600 (user is member of users group)
debian 4.0 | mail  | 0660
(Note: This is the result of my own investigation on installed systems or live CDs; I don't know whether any installed system had changed settings.)
The interesting thing is that when a new user is added to the system, useradd creates the /var/mail/<username> file with <username>:mail 0660 permissions, but when you delete this file and the user gets new email, the file is autocreated with 0600 permissions (still <username>:group owned) and everything still seems to work.
The useradd command comes from shadow-utils, and Fedora contains no patch changing the permissions to 0660.
The most important question is: Is there anything that requires that these files can be read and written by the mail group?
If you have any info regarding this, please share.
Just a guess, but if you run useradd from a shell, your umask is likely 0002. Sendmail's umask is probably 022, as set in /etc/init.d/functions.
That might explain the difference, as to why it's done that way I don't know.
-Mike
On Friday 09 October 2009 16:36:34 Mike McGrath wrote:
On Fri, 9 Oct 2009, Michal Hlavinka wrote:
Hi all!
I've got a quite simple question from dovecot's upstream: Why do we have rw access on mails for the mail group? Why do /var/mail/<username> files have 0660 <username>:mail permissions instead of 0600 permissions? The fact is, I don't know the answer and I'd appreciate your help.
Some facts:
distro     | group | perm
-----------+-------+---------
Fedora     | mail  | 0660
Ubuntu     | mail  | 0600
openSuSE   | users | 0600 (user is member of users group)
debian 4.0 | mail  | 0660
(Note: This is the result of my own investigation on installed systems or live CDs; I don't know whether any installed system had changed settings.)
The interesting thing is that when a new user is added to the system, useradd creates the /var/mail/<username> file with <username>:mail 0660 permissions, but when you delete this file and the user gets new email, the file is autocreated with 0600 permissions (still <username>:group owned) and everything still seems to work.
The useradd command comes from shadow-utils, and Fedora contains no patch changing the permissions to 0660.
The most important question is: Is there anything that requires that these files can be read and written by the mail group?
If you have any info regarding this, please share.
Just a guess, but if you run useradd from a shell, your umask is likely 0002. Sendmail's umask is probably 022, as set in /etc/init.d/functions.
0660 is explicitly set by useradd:
    gr = getgrnam ("mail"); /* local, no need for xgetgrnam */
    if (NULL == gr) {
        fputs (_("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"), stderr);
        gid = user_gid;
        mode = 0600;
    } else {
        gid = gr->gr_gid;
        mode = 0660;
    }
On Fri, Oct 09, 2009 at 03:31:45PM +0200, Michal Hlavinka wrote:
I've got quite simple question from dovecot's upstream: Why do we have rw access on mails for mail group?
There are two popular models for MTAs/MDAs: run as root and drop privileges to the receiving user, or run under another uid/gid (like gid mail), which then needs write access to all mailboxes.
So, depending on the security model of the MTAs you use, you may or may not need the mail group to be able to write into your mailboxes.
I wouldn't change it, because if you don't seem to need it, then obviously no process is running as gid mail. And in case you do switch to another MTA/MDA with a different security model, you will not be surprised by mails not being delivered.
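As an added audit example (not code from this thread, nor from shadow-utils, exim or dovecot), the script below classifies each file in a mail spool against the two delivery models discussed here: 0600 user-only mailboxes for an MDA that drops to the user's uid, or 0660 <user>:mail mailboxes for an MDA running as gid mail. It also flags a spool directory with neither the sticky bit exim's comment asks for nor the setgid bit the group model usually pairs with. The spool path /var/mail and the group name "mail" are taken from the thread; the classification labels and the "bad:" findings are this example's own.

```python
import grp
import os
import pwd
import stat

MAIL_GROUP = "mail"   # group used by useradd and the exim config quoted in the thread

def classify_mailbox(mode, uid, gid, expected_uid, mail_gid):
    """Classify one mbox file from its stat() fields: 'user-only' (0600, the
    MDA drops to the user's uid), 'mail-group' (0660 <user>:mail, the MDA runs
    as gid mail) or a 'bad: ...' finding."""
    perm = stat.S_IMODE(mode)
    if uid != expected_uid:
        return "bad: owner is uid %d, expected %d" % (uid, expected_uid)
    if perm & stat.S_IRWXO:
        return "bad: world-accessible mode %04o" % perm
    if perm == 0o600:
        return "user-only"
    if perm == 0o660 and mail_gid is not None and gid == mail_gid:
        return "mail-group"
    return "bad: unexpected mode %04o with gid %d" % (perm, gid)

def audit_spool(spool="/var/mail"):
    """Map every mailbox file in the spool directory to its classification."""
    try:
        mail_gid = grp.getgrnam(MAIL_GROUP).gr_gid
    except KeyError:
        mail_gid = None   # no 'mail' group: only the 0600 model can be valid
    findings = {}
    # exim's comment: per-user delivery needs the sticky bit on the spool dir,
    # group delivery is usually paired with setgid; flag a dir with neither.
    if not os.stat(spool).st_mode & (stat.S_ISVTX | stat.S_ISGID):
        findings["."] = "note: spool dir has neither sticky nor setgid bit"
    for name in sorted(os.listdir(spool)):
        st = os.lstat(os.path.join(spool, name))
        if not stat.S_ISREG(st.st_mode) or name.endswith(".lock"):
            continue   # dotlock files, directories and symlinks are not mailboxes
        try:
            expected_uid = pwd.getpwnam(name).pw_uid
        except KeyError:
            findings[name] = "bad: no matching user"
            continue
        findings[name] = classify_mailbox(st.st_mode, st.st_uid, st.st_gid,
                                          expected_uid, mail_gid)
    return findings

if __name__ == "__main__":
    for name, result in audit_spool().items():
        print("%-16s %s" % (name, result))
```

Run it as a user that can stat the spool; on a Fedora box with the useradd default you should see "mail-group" for untouched mailboxes and "user-only" for ones the MDA recreated.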