kim@kannel.lut.fi (Kimmo Suominen) (07/04/89)
Robert Krawitz told me to do the following:

1) Set /usr/spool/mail protection to 1730.

Well, the sticky bit didn't prevent anyone from removing someone else's files in a directory, if they had write permission to it. It wasn't documented so in the man page for chmod(2) and we didn't even have a man page for sticky(8). I had thought protection 1777 for /usr/mail, since the following is true.

2) Movemail setgid, group mail.

If I do this, anyone can read any inbox file. This is because (as I have mentioned before) our mail system creates new inboxes with protection set to 660 and I don't know how to change this.

3) ... note also that movemail can check ownership ...

Yes, I guess this is the only solution to this problem, unless...

How does mail or mailx prevent other processes from writing to the inbox file while someone is reading his/her mail? Do they use lockf(2)? In case they do, wouldn't it be better to use it with movemail, too? The way I see it, the problem is mainly caused by movemail trying to write to /usr/mail to create the lock file.

I could use flock(2) if I had it. Unfortunately I don't. I'm running HP-UX 3.0 and I'd like to know what other HP-UX users have done with this problem.

Kim
--
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
( Kimmo Suominen          Electronic Mail on Internet: kim@kannel.lut.fi )
( "That's what I think!"                     on Funet: KUULA::KIM        )
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
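The ownership check from point 3 combined with the lockf(2) locking asked about above, as an added example that is not part of the original post and is not movemail's code. It assumes a current POSIX system (O_NOFOLLOW did not exist on the HP-UX release discussed), the helper name open_inbox_checked is hypothetical, and the lock only protects the inbox if the delivering mail program takes the same lockf lock.

```c
/* Added example: ownership check plus lockf(2) for a setgid mail mover. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` on behalf of real user `owner`.
 * Returns a locked descriptor, or a negative code:
 *   -1 open failed, -2 not a regular file, -3 wrong owner, -4 lock busy */
int open_inbox_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink planted in the spool directory.
     * O_RDWR: lockf() needs a descriptor that is open for writing. */
    int fd = open(path, O_RDWR | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the path, so the file that was checked
     * is the file that gets read afterwards. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -2;
    }
    /* With inboxes at mode 660 group mail, the setgid bit alone would let
     * any caller open any inbox; this comparison is what stops that. */
    if (st.st_uid != owner) {
        close(fd);
        return -3;
    }
    /* Lock the whole file without blocking; no lock file is created,
     * so no write access to the spool directory is needed. */
    if (lockf(fd, F_TLOCK, 0) != 0) {
        close(fd);
        return -4;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return EXIT_FAILURE;
    /* getuid() is the real uid; the setgid bit does not change it. */
    int fd = open_inbox_checked(argv[1], getuid());
    if (fd < 0)
        return EXIT_FAILURE;
    /* ... copy the mail out here; closing the descriptor drops the lock */
    close(fd);
    return EXIT_SUCCESS;
}
```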