Bug 41811

Summary: No local mail delivery possible
Product: [Retired] Red Hat Linux
Reporter: Jos Vos <jos>
Component: shadow-utils
Assignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED RAWHIDE
Severity: high
Priority: high
Version: 7.1
CC: dr, teg
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-05-22 15:57:40 UTC

Description Jos Vos 2001-05-22 14:12:04 UTC
Postfix isn't able to deliver any local mail, because it calls the local
delivery agent (procmail) as the user receiving the mail (and for root it
even uses another user, see main.cf). This problem first appeared after
procmail's setuid and setgid bits were removed in RHL 7.1.

An (insecure?) workaround is to change procmail to setuid root / setgid
mail. FWIW: only changing setgid mail (so not setuid root) works for
delivering mail to all users except root.

Comment 1 Bernhard Rosenkraenzer 2001-05-22 15:32:00 UTC
Where is the problem? At least on my system, a local user can deliver mail to 
himself. I'm running postfix here without any problems or setuid/setgid bits.

Comment 2 Jos Vos 2001-05-22 15:49:38 UTC
A prerequisite for the problem is that no mail spoolfile (/var/spool/mail/$USER)
exists for the receiving user (it can append to a spoolfile - except for root -,
but it can't create a new spoolfile).

Comment 3 Bernhard Rosenkraenzer 2001-05-22 15:57:35 UTC
Don't do that, then(tm).
The only ways to "fix" this would be making procmail or postfix setuid or 
making /var/mail world-writable, all of which opens the door to security 

The problem can be reduced though: adduser should create an empty mail spool
for the user. Assigning to shadow-utils so I'll remember to do this.

Comment 4 Bernhard Rosenkraenzer 2001-05-22 16:36:55 UTC
Done in shadow-utils-20000902-1.

Comment 5 Jos Vos 2001-05-22 17:13:13 UTC
And what about users not created with useradd, like NIS users or users
authenticated remotely?

Furthermore, this would mean an environment with many thousands of users would
*always* have many thousands of /var/spool/mail directory entries, not a very
appealing idea...
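
An audit for the conditions discussed in this thread, as an added example that is not part of the bug report: it lists accounts with no spool file (reading passwd-format input, so NIS accounts from `getent passwd` are covered) and flags the two workarounds Comment 3 warns against. The function names, the `min_uid` cutoff, the output labels and the procmail path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names, the min_uid cutoff
# and the output labels are assumptions made for this illustration.

# Read passwd(5)-format lines on stdin (e.g. from `getent passwd`, which also
# returns NIS accounts) and print each login with uid >= min_uid that has no
# spool file in spool_dir.
missing_spools() {
    spool_dir=$1; min_uid=${2:-0}
    while IFS=: read -r name pw uid rest; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -ge "$min_uid" ] || continue
        [ -e "$spool_dir/$name" ] || printf '%s\n' "$name"
    done
}

# True if the "other" write bit is set on the given path.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_spools() {
    spool_dir=$1; agent=$2; min_uid=${3:-0}; rc=0
    for name in $(missing_spools "$spool_dir" "$min_uid"); do
        echo "missing-spool $name"; rc=1      # delivery would need to create it
    done
    if world_writable "$spool_dir"; then
        echo "world-writable $spool_dir"; rc=1
    fi
    if [ -u "$agent" ] || [ -g "$agent" ]; then
        echo "setid-agent $agent"; rc=1       # setuid or setgid delivery agent
    fi
    return "$rc"
}

# Typical call (agent path is an assumption; adjust to the local install):
#   getent passwd | audit_spools /var/spool/mail /usr/bin/procmail 500
```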