Hi,
On Tue, Aug 04, 2009 at 08:00:42PM -0400, Timo Sirainen wrote:
On Tue, 2009-08-04 at 19:53 -0400, Rob Mangiafico wrote:
What permissions does /var/spool/mail/john have? I guess mail group has read permissions? Just removing that should fix the error.
-rw-rw---- 1 john mail 5676767 Aug 4 19:50 /var/spool/mail/john
Those are the default permissions that sendmail uses, I believe. Not sure if removing "mail" group r/w would have any other impact for sendmail/procmail? Thanks for taking the time to help.
It depends on your setup, but usually mail group shouldn't need read or write access to users' mails. Seems like a security risk to me in any case.
I think that's the standard setup on Red Hat/CentOS/Fedora boxes. User mboxes are by default owned by <user>:mail with 0660, while the spooldir is owned by root:mail with 0775:
    # useradd abc123
    # ls -ltrAd /var/spool/mail{,/abc123}
    -rw-rw---- 1 abc123 mail 0 2009-08-06 19:44 /var/spool/mail/abc123
    drwxrwxr-x. 2 root mail 4096 2009-08-06 19:44 /var/spool/mail
Axel.Thimm at ATrpms.net
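
A read-only audit of the layout discussed in this thread, added here as an example and not part of any poster's message: it lists spool files whose group or "other" bits grant read or write access, and reports the spool directory's own mode. It assumes GNU find and stat; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an mbox spool for files readable or writable by
# anyone other than the owner. Nothing is modified.

# Print "<octal-mode> <owner>:<group> <path>" for every regular file
# directly under the spool ($1, default /var/spool/mail) that has any
# group/other read or write bit set (mask 066).
audit_spool() {
    spool=${1:-/var/spool/mail}
    # Trailing slash makes find descend even if the spool is a symlink.
    find "$spool/" -maxdepth 1 -type f -perm /066 \
        -exec stat -c '%a %U:%G %n' {} + | sort -k3
}

# Print "<octal-mode> <owner>:<group>" of the spool directory itself.
spool_dir_mode() {
    stat -c '%a %U:%G' "${1:-/var/spool/mail}/"
}

# Run against the default spool from the thread when it exists.
if [ -d /var/spool/mail ]; then
    echo "spool dir: $(spool_dir_mode /var/spool/mail)"
    audit_spool /var/spool/mail
fi
```

On the setup shown above, a 0660 `<user>:mail` mbox is listed and a 0600 one is not.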