On Friday 09 October 2009 16:36:34 Mike McGrath wrote:
> On Fri, 9 Oct 2009, Michal Hlavinka wrote:
> > Hi all!
> >
> > I've got a quite simple question from dovecot's upstream: Why do we have rw
> > access on mails for the mail group? Why do /var/mail/<username> files have
> > 0660 <username>:mail permissions instead of 0600 permissions? The fact is,
> > I don't know the answer and I'd appreciate your help.
> >
> > Some facts:
> >
> > distro     | group | perm
> > -----------+-------+---------
> > Fedora     | mail  | 0660
> > Ubuntu     | mail  | 0600
> > openSuSE   | users | 0600 (user is member of users group)
> > debian 4.0 | mail  | 0660
> >
> > (Note: This is the result of my own investigations on installed systems or
> > live CDs, I don't know if any installed system had changed settings.)
> >
> > The interesting thing is that when a new user is added to the system,
> > useradd creates the /var/mail/<username> file with <username>:mail 0660
> > permissions, but when you delete this file and the user gets new email,
> > this file will be autocreated with 0600 permissions (still
> > <username>:group owned) and it seems everything still works.
> >
> > The useradd command comes from shadow-utils and Fedora contains no patch
> > changing permissions to 0660.
> >
> > The most important question is: Is there anything that requires that these
> > files can be read and written by the mail group?
> >
> > If you have any info regarding this, please share.
>
> Just a guess, but if you run useradd from shell, your umask is likely
> 0002. Sendmail's umask is probably 022 as set in /etc/init.d/functions

0660 is explicitly set by useradd:

        gr = getgrnam ("mail"); /* local, no need for xgetgrnam */
        if (NULL == gr) {
                fputs (_("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"),
                       stderr);
                gid = user_gid;
                mode = 0600;
        } else {
                gid = gr->gr_gid;
                mode = 0660;
        }
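The difference between a umask-derived mode and an explicitly set one, as an added example that is not part of the original thread and is not shadow-utils code. It assumes the chosen mode is applied with fchmod() after the file is created (the excerpt above shows only how the mode is selected); the helper name, scratch path and user name are constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for mkdtemp() under strict -std= modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a scratch "mailbox" under the given umask and return its final
 * permission bits, or (mode_t)-1 on error. With fixed_mode != 0 the file is
 * created with no permissions and then fchmod()ed, so the umask cannot
 * influence the result (assumed creation pattern). With fixed_mode == 0 the
 * mode is left to open(2), which yields 0666 & ~umask. */
static mode_t mailbox_mode(mode_t mask, mode_t fixed_mode)
{
    char dir[] = "/tmp/mboxdemoXXXXXX";   /* constructed scratch location */
    char path[64];
    struct stat st;
    mode_t result = (mode_t)-1;

    if (mkdtemp(dir) == NULL)
        return result;
    snprintf(path, sizeof path, "%s/alice", dir);   /* hypothetical user */

    mode_t old = umask(mask);
    int fd = open(path, O_CREAT | O_WRONLY | O_EXCL, fixed_mode ? 0 : 0666);
    umask(old);

    if (fd >= 0) {
        if ((fixed_mode == 0 || fchmod(fd, fixed_mode) == 0)
            && fstat(fd, &st) == 0)
            result = st.st_mode & 07777;
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    const mode_t masks[] = { 0002, 0022 };
    for (size_t i = 0; i < 2; i++)
        printf("umask %04o: open() only -> %04o, fchmod(0660) -> %04o\n",
               (unsigned)masks[i], (unsigned)mailbox_mode(masks[i], 0),
               (unsigned)mailbox_mode(masks[i], 0660));
    return 0;
}
```

Neither umask mentioned in the thread produces 0660 on its own, while the explicit path gives 0660 under both.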