Subject: Mail permissions
To: None <current-users@NetBSD.ORG>
From: Terry Moore <tmm@databook.com>
List: current-users
Date: 03/16/1995 19:17:21
With all these security discussions, I have a related question on mail
security issues.

Background:

I just built and installed ELM 2.4. I found that, to make it work,
it had to be SGID Wheel, and I had to tweak the protections on
my /var/mail directory as created by the NetBSD (386) 1.0
install process. (Elm being SGID to the mail group is a
standard option for ELM; elm being SUID root is not, and I'm not
about to do that anyway....)

/usr/libexec/mail_local is SUID root.
/var/mail was 755 protection, owned by root.wheel.

I changed /var/mail to 775, and made elm SGID wheel, and things
work.

On my other systems (such as Sys V R3.2 on my 3b2s) in which
elm is SGID, the mail directory is marked as having its own
group (mail). On my suns, /var/spool/mail has 777 protection,
and the individual files have 600 protection, and user/group
IDs appear to be set to the defaults from the user definition
in the passwd file.

It appears as if NetBSD matches neither SunOS 4.1.3 nor the Sys
V conventions. On NetBSD 1.0, the mail files are set up
matching SunOS, but the mail directory seems to be set up in a
way that is more like Sys V.

Questions:

1) Is it safe for elm to be SGID wheel under NetBSD? I imagine not.

2) What is the intended protection scheme for mail under
NetBSD?
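
Added example, not part of the original message and not NetBSD or Elm code: a small shell audit that reports the three things the post compares across systems, namely the spool directory's mode and group, mailboxes whose mode is not 600, and the group a set-group-ID mail reader runs with. The function names and the paths passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: audit a mail spool against the schemes the post compares.
# Function names and the paths given as arguments are assumptions.

# perms PATH -> 10-character mode string from ls, e.g. drwxrwxr-x
perms() { ls -ld "$1" | cut -c1-10; }

# group_of PATH -> owning group (4th field of ls -ld)
group_of() { ls -ld "$1" | awk '{print $4}'; }

# spool_scheme DIR -> who besides the owner may create files in DIR
spool_scheme() {
    case "$(perms "$1")" in
        d???????w?) echo "world-writable" ;;
        d????w????) echo "group-writable:$(group_of "$1")" ;;
        d*)         echo "owner-only" ;;
        *)          echo "not-a-directory" ;;
    esac
}

# loose_mailboxes DIR -> names of regular files in DIR whose mode is not 600
loose_mailboxes() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(perms "$f")" = "-rw-------" ] || basename "$f"
    done
}

# sgid_group FILE -> group FILE runs with if it is set-group-ID, else empty
sgid_group() {
    case "$(perms "$1")" in
        ??????[sS]???) group_of "$1" ;;
    esac
}

# Usage: sh spoolcheck.sh SPOOL_DIR [MAIL_READER]
if [ $# -ge 1 ]; then
    echo "spool $1: $(perms "$1") $(spool_scheme "$1")"
    loose_mailboxes "$1" | sed 's/^/mailbox not mode 600: /'
    if [ -n "${2:-}" ]; then
        echo "reader $2: setgid group '$(sgid_group "$2")'"
    fi
fi
```

A group-writable result paired with a reader that is set-group-ID to the same group is the arrangement the post describes; the group name printed shows which group's privileges the reader inherits.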