On Fri, 8 Jan 2010 15:06:40 +0100, Sven Hoexter <s...@timegate.de> wrote: >> The mail group has read/write access to /var/mail/* and is intended for >> the mail daemons. For instance, Dovecot IMAP runs as the dovecot user >> ID, with mail group permission. > > I wouldn't overrate this issue though it's a reasonable concern. > But on systems where you run MTAs such as ssmtp you usually don't store > mails locally in /var/mail/.
Even then... If you need to give read permission the ssmtp configuration to users, you are almost back to square one with #500454. The authentication token is effectively visible to (real) all users. -- Rémi Denis-Courmont http://www.remlab.net http://fi.linkedin.com/in/remidenis -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org