A permission setting of "rwx" (7) in the "others" position (the 3rd cluster
of rwxrwxrwx) allows EVERYONE to write to that directory.

Your mail spooler directory (usually /var/spool/mail) should have rwxrwxr-x
(775).  If the owner and group listed are set to something similar to "root"
(owner) and "mail" (group), the general user population will not be able to
write to that directory.

Now, your own mailbox is readable & writable by you and you are set as the
owner by your SMTP software.

Setting the directory to "777" for permissions is just BAD SECURITY
PRACTICE.  If you're getting that message from your mail server software,
you need to look for a different package or an update/patch to it.  Although
it may handle its own security, anyone with a shell account can create
files in the mail spooler directory.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Roland, RHCE (RedHat Certified Engineer)
Owner, Roland Internet Services
     "The four surefire rules for success:  Show up, Pay attention, Ask
questions, Don't quit."
        --Rob Gilbert, PH.D.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----- Original Message -----
From: "Ray Olszewski" <[EMAIL PROTECTED]>
To: "Daniel Provin" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, April 23, 2001 5:09 AM
Subject: Re: mailbox


> At 06:51 PM 4/22/01 -0300, Daniel Provin wrote:
> >Hi
> >
> >I have a problem like, when I open my mail, I see a msg like:
> >Mailbox vulnerable - directory /var/spool/mail must have 1777 protection
>
> A message "like" this or this message? In either case, it does not look
> complete - logs normally indicate the name of the process that posted the
> log entry.
>
> >in the maillog file.
> >Then I try to change the permissions of the /var/spool/mail dir to 1777,
> >but then it has permission for everyone to write there.
> >Is that right?
>
> No (or at least not on my Debian systems). I have this directory set to
> the Debian defaults, which are:
>
>         owner   =       root
>         group   =       mail
>         mode    =       775 + sgid
>
> The files *in* the directory are:
>
>         owner   =       uid of account
>         group   =       mail
>         mode    =       660
>
> The MTA I use (exim) then runs with mode 755 + suid.
>
>
> --
> ------------------------------------"Never tell me the odds!"---
> Ray Olszewski                                        -- Han Solo
> Palo Alto, CA                    [EMAIL PROTECTED]
> ----------------------------------------------------------------
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to [EMAIL PROTECTED]
> Please read the FAQ at http://www.linux-learn.org/faqs
>
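
The directory and mailbox modes discussed in this thread (777, 1777, 775 + sgid, and 660 for the files), as an added example that is not part of either message: a small Python audit that classifies a spool directory and the files in it. The function names and the throwaway sample directory are assumptions made for illustration.

```python
import os
import stat

def check_dir_mode(mode):
    """Classify a spool directory's permission bits (mode is an int)."""
    world = bool(mode & stat.S_IWOTH)    # "w" in the "others" cluster
    sticky = bool(mode & stat.S_ISVTX)   # the leading 1 in 1777
    if world and not sticky:
        return "BAD: world-writable, any user can create or delete entries"
    if world:
        return "WARN: world-writable + sticky, any user can still create files"
    if mode & stat.S_IWGRP:
        return "OK: writable by owner and group only"
    return "OK: writable by owner only"

def check_mailbox_mode(mode):
    """A mailbox should grant nothing to 'others' (e.g. 660)."""
    if mode & stat.S_IRWXO:
        return "BAD: accessible to others"
    return "OK: private to owner and group"

def audit_spool(path):
    """Return {name: finding} for the directory ('.') and each entry in it."""
    report = {".": check_dir_mode(stat.S_IMODE(os.stat(path).st_mode))}
    for entry in os.scandir(path):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(st.st_mode):
            report[entry.name] = check_mailbox_mode(stat.S_IMODE(st.st_mode))
        else:
            report[entry.name] = "NOTE: not a regular file"
    return report

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a temporary directory standing in for /var/spool/mail.
    with tempfile.TemporaryDirectory() as spool:
        box = os.path.join(spool, "alice")   # hypothetical mailbox name
        open(box, "w").close()
        os.chmod(box, 0o664)                 # readable by others on purpose
        for dir_mode in (0o777, 0o1777, 0o2775):
            os.chmod(spool, dir_mode)
            print(oct(dir_mode), audit_spool(spool))
        os.chmod(spool, 0o700)               # restore before cleanup
```

On a real system, call `audit_spool("/var/spool/mail")` and compare owner and group separately with `ls -ld`, since this check looks only at the mode bits.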
