YATES@C.CHEM.UPENN.EDU ("YATES, JOHN H.") (03/27/91)
I now have umask 077 in /etc/stdcshrc so that mbox in the user's dir gets no privs for group, but /usr/mail/username files get g:rw !! Why is this and how can I prevent any group privs? I also find some length 0 /usr/mail/username files out there, but when I read my newmail and quit, mine gets deleted. Do I assume that adduser creates a zero sized file for the user, but when it gets used it gets deleted? If I can coerce the file to remain even if zero length, at least I can forever put the "correct" protections on existing ones. I alias mail to Mail, set mail = (60 /usr/mail/$LOGNAME), and in .mailrc set ask askcc asksub Thanks, John yates@a.chem.upenn.edu
rpaul@crow.UUCP (Rodian Paul) (03/27/91)
> I now have umask 077 in /etc/stdcshrc so that mbox in the user's dir > gets no privs for group, but /usr/mail/username files get g:rw !! > Why is this and how can I prevent any group privs? > You need to modify /etc/cshrc and /etc/profile to set up default umasks. The std files are for copying to new accounts. So what if /usr/mail/userid files are group rw. How many of your users belong to the group mail? Besides, if you type: % Mail -u userid you can read (but not modify) the users mail. This is standard BSD mail as far as I know. I assume that because /bin/mail /usr/sbin/Mail are set-group mail, that allows you to read other peoples mail files. However you can't read their ~/mbox files unless they aren't 600. > I also find some length 0 /usr/mail/username files out there, but > when I read my newmail and quit, mine gets deleted. Do I assume that > adduser creates a zero sized file for the user, but when it gets used > it gets deleted? If I can coerce the file to remain even if zero length, > at least I can forever put the "correct" protections on existing ones. > This I also find a little perplexing. Because /usr/mail is a symbolic link on all of our machines to a server, I assume that the NFS file-locking bug is the culprit, but I'm not sure. ------------------------------------------------------------------------------- crow!rpaul@ccut.cc.u-tokyo.ac.jp phone: +81 (3) 5706-8357 ccut.cc.u-tokyo.ac.jp!crow!rpaul FAX: +81 (3) 5706-8437