Oliver Fromme
2007-Mar-15 10:35 UTC
Making /var/mail mode 1777 (was Re: Installing sendmail SUID installworld suggestion)
Joel Hatton wrote:
> When sendmail is set to SUID in /etc/make.conf with SENDMAIL_SET_USER_ID=y,
> it would be very helpful if installworld could also rename (or, to be
> consistent with /etc/mail/README, remove) /etc/mail/submit.cf. This is
> pretty trivial, but I seem to burn myself every time I rebuild a particular
> system with this option set by forgetting that submit.cf gets recreated
> during the install.

On a related note ...

On several machines I need to be able to have dot-locks for mail folders in /var/mail, which is only possible if that directory is world-writable (i.e. mode 1777). I certainly don't want to make all MUAs and other programs that access the directory setgid mail.

However, upon each upgrade, "make installworld" resets the directory to mode 775.

What's the best way to prevent that? I tried editing the appropriate mtree file, but that feels like a hack rather than a clean solution.

Comments? How do others handle that situation?

Best regards
Oliver

PS: I'm running RELENG_6.

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd

Passwords are like underwear. You don't share them, you don't hang them on your monitor or under your keyboard, you don't email them, or put them on a web site, and you must change them very often.
Matthew D. Fuller
2007-Mar-15 10:38 UTC
Making /var/mail mode 1777 (was Re: Installing sendmail SUID installworld suggestion)
On Thu, Mar 15, 2007 at 11:35:45AM +0100 I heard the voice of
Oliver Fromme, and lo! it spake thus:
> What's the best way to prevent that? I tried editing the
> appropriate mtree file, but that feels like a hack rather
> than a clean solution.

Well, I did it by the hack of stuffing a 'chmod 1777' in rc.local...

--
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
On the Internet, nobody can hear you scream.
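An added example, not from either poster: a guarded form of the rc.local approach that reapplies mode 1777 only when it has been reset (for instance by "make installworld") and refuses to act on a symlink or non-directory. The function name ensure_spool_mode and the path-as-argument convention are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): restore mode 1777 on a mail spool
# directory after an upgrade has reset it to 775.
# ensure_spool_mode is a hypothetical helper name.

ensure_spool_mode() {
    dir=$1

    # chmod follows symlinks, so refuse anything that is not a real directory.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "ensure_spool_mode: $dir is not a plain directory" >&2
        return 2
    fi

    # -perm 1777 is an exact match: rwxrwxrwx plus the sticky bit.
    # -prune keeps find from descending into the spool itself.
    if [ -n "$(find "$dir" -prune -type d -perm 1777)" ]; then
        echo "ok"
        return 0
    fi

    # Mode differs: put it back. The sticky bit is what stops users from
    # removing or renaming each other's files in a world-writable directory.
    chmod 1777 "$dir" || return 1
    echo "fixed"
}

# Called from /etc/rc.local with the spool path as the only argument,
# e.g. /var/mail as in the thread.
if [ $# -gt 0 ]; then
    ensure_spool_mode "$1"
fi
```

The function prints "fixed" only when it actually changed the mode, so a boot log shows which upgrades reset the directory.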