Bug 41811
Summary: | No local mail delivery possible | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Jos Vos <jos> |
Component: | shadow-utils | Assignee: | Bernhard Rosenkraenzer <bero> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.1 | CC: | dr, teg |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2001-05-22 15:57:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jos Vos
2001-05-22 14:12:04 UTC
Where is the problem? At least on my system, a local user can deliver mail to himself. I'm running postfix here without any problems or setuid/setgid bits. A prerequisite for the problem is that no mail spoolfile (/var/spool/mail/$USER) exists for the receiving user (it can append to a spoolfile - except for root -, but it can't create a new spoolfile). Don't do that, then(tm). The only ways to "fix" this would be making procmail or postfix setuid or making /var/mail world-writable, all of which opens the door to security problems. The problem can be reduced though: adduser should create an empty mail spool for the user. assigning to shadow-utils so I'll remember to do this. Done in shadow-utils-20000902-1. And what about users not created with useradd, like NIS users or users authenticated remotely? Furthermore, this would mean an environment with many thousands of users would *always* have many thousands of /var/spool/mail directory entries, not a very appealing idea... |