Mailbox vulnerable?

olga at urbantimes.net olga at urbantimes.net
Mon Jun 28 15:27:44 UTC 2004


Something else must be wrong with your settings.
I have Squirrelmail and Horde IMP running with those permissions for
/var/spool/mail (1777) just fine. Individual mailboxes have permissions of
660 in my setup.

You may want to read the following:
http://www.washington.edu/imap/IMAP-FAQs/index.html#7.10



> After I set:
>
> # chmod 1777 /var/spool/mail
> # ls -ld /var/spool/mail*
> drwxrwxrwt  2 root mail 4096 Jun 28 09:56 /var/spool/mail
> drwxr-xr-x  3 root root 4096 May 20 15:02 /var/spool/mailman
>
> My SquirrelMail immediately failed and automatically log out with "Login
> failure error".  Then, I checked the system log, and found the followings:
>
> Jun 28 09:57:46 morpheus imap(pam_unix)[29850]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1  user=hongwei
> Jun 28 09:57:49 morpheus imapd[29850]: Login failed user=hongwei
> auth=hongwei host=localhost.localdomain [127.0.0.1]
> Jun 28 09:57:52 morpheus imapd[29850]: Command stream end of file, while
> reading line user=hongwei host=localhost.localdomain [127.0.0.1]
> Jun 28 09:58:05 morpheus imap(pam_unix)[29856]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1  user=hongwei
> Jun 28 09:58:07 morpheus imapd[29856]: Login failed user=hongwei
> auth=hongwei host=localhost.localdomain [127.0.0.1]
> Jun 28 09:58:10 morpheus imapd[29856]: Command stream end of file, while
> reading line user=hongwei host=localhost.localdomain [127.0.0.1]
>
> I am afraid that other users will immediately complain to me, so I had to
> put it back as before, then I can use my squirrelmail.
>
> What is wrong?  Thanks!
>
> Hongwei
>
>
>
>> drwxrwxrwt root mail
>>
>> It's because Fedora 1 has a different version of imap than
>> 7.3.
>>
>> Quoting Hongwei Li <hongwei at morpheus.wustl.edu>:
>>
>>> Thanks!  But my rh7.3 box has
>>>
>>> # ls -ld /var/spool/mail/
>>> drwxr-xr-x    2 root     root         4096 Jun 28 08:00
>>> /var/spool/mail/
>>>
>>> but never shows any warning message.  Is it because rh7.3
>>> is too old?
>>>
>>> Also, should it be drwxrwxrwt or drwxrwxr-t? should it be
>>>
>>> drwxrwxrwt root mail
>>>
>>> or
>>>
>>> drwxrwxrwt root root?
>>>
>>> Thanks!
>>>
>>>
>>> > /var/spool/mail should have the following permissions:
>>> > drwxrwxrwt (it should have the sticky bit set).
>>> >
>>> > Quoting Hongwei Li <hongwei at morpheus.wustl.edu>:
>>> >
>>> >> Hi,
>>> >>
>>> >> We have a fc1 box.  We have he permissions setting as:
>>> >>
>>> >> # ls -ld /var/spool/mail
>>> >> drwxrwxr-x  2 root mail 4096 Jun 28 08:43
>>> /var/spool/mail
>>> >> # ls -ld /tmp
>>> >> drwxrwxrwt  11 root root 24576 Jun 28 08:43 /tmp
>>> >>
>>> >> The LogWatch always shows the warning:
>>> >>
>>> >> Mailbox vulnerable - directory /var/spool/mail must
>>> have
>>> >> 1777 protection
>>> >>
>>> >> When a regular user (except root) opens pine to read
>>> >> mails, he also sees
>>> >> this message at the very beninning for about 1 to 2
>>> >> seconds.  As I
>>> >> understand, the permission drwxrwxr-x is correct.
>>> What
>>> >> is wrong?  Do I
>>> >> need to change the permission on the mail directory?
>>> if
>>> >> yes, change it to
>>> >> what?
>>> >>
>>> >> Thanks!
>>> >>
>>> >> Hongwei
>>> >>
>>> >>
>>> >> --
>>> >> fedora-list mailing list
>>> >> fedora-list at redhat.com
>>> >> To unsubscribe:
>>> >> http://www.redhat.com/mailman/listinfo/fedora-list
>>> >>
>>> >
>>> >
>>> >
>>> >
>>> >
>>>
>> ----------------------------------------------------------------
>>> > This message was sent using IMP, the Internet Messaging
>>> Program.
>>> >
>>> >
>>> > --
>>> > fedora-list mailing list
>>> > fedora-list at redhat.com
>>> > To unsubscribe:
>>> http://www.redhat.com/mailman/listinfo/fedora-list
>>> >
>>>
>>>
>>> --
>>> fedora-list mailing list
>>> fedora-list at redhat.com
>>> To unsubscribe:
>>> http://www.redhat.com/mailman/listinfo/fedora-list
>>>
>>
>>
>>
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>>
>>
>> --
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>





More information about the fedora-list mailing list