Mailbox vulnerable?
Hongwei Li
hongwei at morpheus.wustl.edu
Mon Jun 28 14:18:20 UTC 2004
Thanks! But my rh7.3 box has
# ls -ld /var/spool/mail/
drwxr-xr-x 2 root root 4096 Jun 28 08:00 /var/spool/mail/
but never shows any warning message. Is it because rh7.3 is too old?
Also, should it be drwxrwxrwt or drwxrwxr-t? should it be
drwxrwxrwt root mail
or
drwxrwxrwt root root?
Thanks!
> /var/spool/mail should have the following permissions:
> drwxrwxrwt (it should have the sticky bit set).
>
> Quoting Hongwei Li <hongwei at morpheus.wustl.edu>:
>
>> Hi,
>>
>> We have a fc1 box. We have he permissions setting as:
>>
>> # ls -ld /var/spool/mail
>> drwxrwxr-x 2 root mail 4096 Jun 28 08:43 /var/spool/mail
>> # ls -ld /tmp
>> drwxrwxrwt 11 root root 24576 Jun 28 08:43 /tmp
>>
>> The LogWatch always shows the warning:
>>
>> Mailbox vulnerable - directory /var/spool/mail must have
>> 1777 protection
>>
>> When a regular user (except root) opens pine to read
>> mails, he also sees
>> this message at the very beninning for about 1 to 2
>> seconds. As I
>> understand, the permission drwxrwxr-x is correct. What
>> is wrong? Do I
>> need to change the permission on the mail directory? if
>> yes, change it to
>> what?
>>
>> Thanks!
>>
>> Hongwei
>>
>>
>> --
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe:
>> http://www.redhat.com/mailman/listinfo/fedora-list
>>
>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the fedora-list
mailing list