Bug#470994: mail_spool default mode is 0660

Josip Rodin joy at debbugs.entuzijast.net
Sat Mar 15 00:27:25 UTC 2008


Package: exim4-config

Hi,

The package's /etc/exim4/conf.d/transport/30_exim4-config_mail_spool
says:

  group = mail
  mode = 0660
  mode_fail_narrower = false

Why is this so, again? The manual says that the default is to use the Exim
group and mode 0600. I can't remember any reason why the mail group would be
necessary, for anything other than creating the dot locks in the /var/mail
directory, and that is allowed already by the directory permissions (it's
g+w mail).

I suppose using group 'mail' just makes sense, but why would we let the said
group read and write user mailboxes? I suppose there could be some software
that could need it, but if the common uses like mutt and dovecot don't need
it, and indeed it only serves for privilege escalations in those setups,
shouldn't the default be changed back to the more secure settings?

-- 
     2. That which causes joy or happiness.
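
An added example, not part of the original report or of the exim4-config package: a shell check that lists the mailboxes in a spool directory whose mode gives the owning group read or write access, which is the condition the report questions. The function names and output labels are assumptions made for this example; /var/mail is the directory named in the report.

```shell
#!/bin/sh
# Added example: audit a mail spool for group-accessible mailboxes.
# Function names and finding labels are hypothetical, chosen for this example.

# audit_spool [DIR]
# Prints one "<finding><TAB><path>" line per regular file in DIR whose
# mode grants the group access. Findings: group-rw, group-read, group-write.
# Files with mode 0600 (the manual's default per the report) print nothing.
audit_spool() {
    dir=${1:-/var/mail}
    # -perm -NNN is POSIX find: true when every bit in NNN is set.
    # Each -exec returns true after printing, so the -o chain stops at the
    # first matching branch and every mailbox is reported at most once.
    find "$dir" -type f \( \
        -perm -060 -exec printf 'group-rw\t%s\n' {} \; -o \
        -perm -040 -exec printf 'group-read\t%s\n' {} \; -o \
        -perm -020 -exec printf 'group-write\t%s\n' {} \; \) | sort
}

# count_group_accessible [DIR]
# Prints the number of mailboxes audit_spool would report.
count_group_accessible() {
    audit_spool "$1" | wc -l | tr -d ' '
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_spool "$1"
fi
```

Run it as a user who can list the spool directory; an empty result means no mailbox there is readable or writable by its group.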
