On 10 Jan 2017, at 10:55, Michael B Allen wrote:
bayes_file_mode 0777
Don't do that. Ever. It is not necessary, despite having been propagated widely as a supposed solution for system-wide Bayes permission issues. The clear indicator that whoever devised that was flailing in sheer ignorance is that it is 0777 instead of 0666: why would ANYONE need execute permission on a DB file???
The sane solution is to make sure everything that needs to write to the Bayes DB runs as the same user or as users which all have one group in common. The absolute loosest mode you should use is 0664, and that only if you do something like backups as an unprivileged user. If you can't be bothered to think about such security issues at least go with 0666 so it can't be subverted as a stealth executable.
