On Sun, 2009-01-25 at 15:42 -0800, Russ Allbery wrote:
> 
> This is a ping for this proposed change for additional seconds or
> objections.  It would relax the requirement in Policy that mail spool
> files be mode 0660 and permit them to be mode 0600 if the MDA system used
> does deliveries as the user.
> 
> > --- a/policy.sgml
> > +++ b/policy.sgml
> > @@ -8062,12 +8062,27 @@ 
> > http://localhost/doc/<var>package</var>/<var>filename</var>
> >     </p>
> >  
> >     <p>
> > -     Mailboxes are generally mode 660
> > -     <tt><var>user</var>:mail</tt> unless the system
> > -     administrator has chosen otherwise.  A MUA may remove a
> > -     mailbox (unless it has nonstandard permissions) in which
> > -     case the MTA or another MUA must recreate it if needed.
> > -     Mailboxes must be writable by group mail.
> > +     Mailboxes are generally either mode 600 and owned by
> > +     <var>user</var> or mode 660 and owned by
> > +     <tt><var>user</var>:mail</tt><footnote>
> > +       There are two traditional permission schemes for mail spools:
> > +       mode 600 with all mail delivery done by processes running as
> > +       the destination user, or mode 660 and owned by group mail with
> > +       mail delivery done by a process running as a system user in
> > +       group mail.  Historically, Debian required mode 660 mail
> > +       spools to enable the latter model, but that model has become
> > +       increasingly uncommon and the principle of least privilege
> > +       indicates that mail systems that use the first model should
> > +       use permissions of 600.  If delivery to programs is permitted,
> > +       it's easier to keep the mail system secure if the delivery
> > +       agent runs as the destination user.  Debian Policy therefore
> > +       permits either scheme.
> > +     </footnote>. The local system administrator may choose a
> > +     different permission scheme; packages should not make
> > +     assumptions about the permission and ownership of mailboxes
> > +     unless required (such as when creating a new mailbox).  A MUA
> > +     may remove a mailbox (unless it has nonstandard permissions) in
> > +     which case the MTA or another MUA must recreate it if needed.
> >     </p>
> >  
> >     <p>
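
Review bot: The retained clause "unless it has nonstandard permissions" in the last added sentence no longer has a clear meaning now that the paragraph permits both mode 600 owned by user and mode 660 owned by user:mail. The text also does not say which of the two schemes an MTA or MUA should apply when it recreates a removed mailbox, or when a package creates a new one. Suggest defining "nonstandard" as anything other than the two listed schemes, and stating that a created or recreated mailbox should follow the scheme the local delivery agent uses. As a style point, the period after "</footnote>" would read better placed before the "<footnote>" tag, so the footnote mark follows a complete sentence.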

I've read through the report in full and I'm happy to second this also.

Regards,
                                        Andrew McMillan.




