Description of Problem: useradd creates /var/spool/mail/username mailspool file with mode 0660, so if the users primary group is a shared group eg. users then all other group members can read/write the poor users mails. Version-Release number of selected component (if applicable): shadow-utils-20000902-7 How Reproducible: always Steps to Reproduce: 1. useradd -g users somebody Actual Results: /var/spool/mail/somebody is owned by somebody:users and is mode 0660 Expected Results: /var/spool/mail/somebody should not be readable/writable by users group ! Additional Information: This bug is a duplicate of 59810. This one just applies to RH 7.3. I also checked the latest rawhide shadow-utils and it still has the same buggy shadow-20000902-mailspool.patch patch. Owl has a patch for "correctly" creating the mailspool. That patch applies to shadow-utils-20000902-7 with minimal changes. I'll attach the patch.
Created attachment 79325 [details] Patch from Owl for securely creating the mailspool file
*** This bug has been marked as a duplicate of 59810 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.