Bug 41811 - No local mail delivery possible
Product: Red Hat Linux
Classification: Retired
Component: shadow-utils
i386 Linux
high Severity high
Assigned To: Bernhard Rosenkraenzer
Reported: 2001-05-22 10:12 EDT by Jos Vos
Modified: 2008-05-01 11:38 EDT
Doc Type: Bug Fix
Last Closed: 2001-05-22 11:57:40 EDT
Description Jos Vos 2001-05-22 10:12:04 EDT
Postfix isn't able to deliver any local mail, because it calls the local
delivery agent (procmail) as the user receiving the mail (and for root it
even uses another user, see main.cf). This problem first appeared after
procmail's setuid and setgid bits were removed in RHL 7.1.

An (insecure?) workaround is to change procmail to setuid root / setgid
mail. FWIW: only changing setgid mail (so not setuid root) works for
delivering mail to all users except root.
Comment 1 Bernhard Rosenkraenzer 2001-05-22 11:32:00 EDT
Where is the problem? At least on my system, a local user can deliver mail to 
himself. I'm running postfix here without any problems or setuid/setgid bits.
Comment 2 Jos Vos 2001-05-22 11:49:38 EDT
A prerequisite for the problem is that no mail spoolfile (/var/spool/mail/$USER)
exists for the receiving user (it can append to a spoolfile - except for root -,
but it can't create a new spoolfile).
Comment 3 Bernhard Rosenkraenzer 2001-05-22 11:57:35 EDT
Don't do that, then(tm).
The only ways to "fix" this would be making procmail or postfix setuid or 
making /var/mail world-writable, all of which opens the door to security 

The problem can be reduced though: adduser should create an empty mail spool 
for the user. Assigning to shadow-utils so I'll remember to do this.
Comment 4 Bernhard Rosenkraenzer 2001-05-22 12:36:55 EDT
Done in shadow-utils-20000902-1.

Comment 5 Jos Vos 2001-05-22 13:13:13 EDT
And what about users not created with useradd, like NIS users or users
authenticated remotely?

Furthermore, this would mean an environment with many thousands of users would
*always* have many thousands of /var/spool/mail directory entries, not a very
appealing idea...

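The mitigation from Comment 3 (pre-create an empty spool so the unprivileged delivery agent only has to append), extended to the accounts not made with useradd that Comment 5 raises, as an added example that is not part of the bug report or of shadow-utils. The function names, the UID cutoff, the `mail` group default and mode 0660 are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumed usage, run as root:
#   getent passwd | missing_spools /var/spool/mail 500 |
#       while read -r u; do create_spool /var/spool/mail "$u"; done
# getent also returns NIS/remote accounts that useradd never created.

# Read passwd-format lines on stdin; print each login name with
# UID >= $2 that has no spool file in directory $1.
missing_spools() {
    spool_dir=$1 min_uid=$2
    while IFS=: read -r name _pw uid _rest; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        case $name in ''|*/*|.*) continue ;; esac    # never build paths from odd names
        [ "$uid" -ge "$min_uid" ] || continue
        [ -e "$spool_dir/$name" ] || printf '%s\n' "$name"
    done
}

# Create an empty spool for user $2 in directory $1 (group $3, default
# "mail"). Refuses existing files and symlinks, so a planted link in the
# spool directory is never followed. Ownership is set only when root.
create_spool() {
    spool_dir=$1 name=$2 group=${3:-mail} path=$1/$2
    case $name in ''|*/*|.*) return 1 ;; esac
    if [ -e "$path" ] || [ -L "$path" ]; then return 1; fi
    # umask 077 keeps the file private until ownership is fixed;
    # set -C (noclobber) makes the redirect fail if the path appears meanwhile.
    ( umask 077; set -C; : > "$path" ) 2>/dev/null || return 1
    chmod 0660 "$path" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$name":"$group" "$path" || return 1
    fi
}
```

This keeps the spool directory writable by root only and leaves procmail without setuid or setgid bits, at the cost of one directory entry per account.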