On Thu, Aug 26, 2021 at 10:21:55AM +0200, Philipp Ewald wrote: > Thank you for your advise! > > i will add user to mail group and try again.
That is absolutely *not* what I advised. Ordinary users should not be in the "mail" or "courier" group. Those groups are for mail programs/daemons only. Putting a user in the mail group will (among other things) allow that user to delete *other* users' mailboxes from /var/mail/, if you keep them there. drwxrwsr-x 2 root mail 4096 Jan 11 2018 /var/mail/ Your original plan (change the permissions on the /run subdirectory) is better than that, even if it means your system is "vulnerable" to the information disclosure that the change is trying to prevent. The severity of this disclosure depends on what type of users you have on your system. If it's just you, then there's nothing to worry about. If you have multiple real human users on your system and feel that keeping your password hashes a secret is a high priority, then you should talk to the maildrop support people and see what *they* suggest.
