[I'm forwarding this message from debian-devel as it didn't get answered there. Any input is most welcome! Please Cc me on replies as I'm not subscribed to debian-policy.]

> > > Is it a problem that the spool files are not "rw" for the group? Postfix
> > > delivers that way.
> > >
> >
> > Then postfix is violating Debian policy. See
> > http://www.debian.org/doc/debian-policy/ch12.html#s12.6 .
> >
> > Actually the specific statement there is kind of ambiguous.
> >
> > "Mailboxes are generally 660 user.mail unless the user has chosen
> >                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^
> > otherwise."
> > ^^^^^^^^^^
> >
> > Does that mean I have to support any kind of configuration a user could
> > possibly come up with?
> > i would like to know why policy even suggests mailspools have 660
> > user.mail permissions, postfix being a sane mailer sets permissions to
> > 600 user.mail. making mailspools writable by group mail does nothing
> > but make a gid=mail exploit disastrous where it would ordinarily be
> > rather boring. (especially if you change /var/mail permissions to
> > 3775)

So the issues are:

1. What is the rationale for the policy mail spools must be 0660 $USER:mail?
2. Is that the only supported configuration?
3. If not, what kinds of configurations does a package have to support?

--
Jaldhar H. Vyas <[EMAIL PROTECTED]>