Description of Problem:
useradd creates /var/spool/mail/username mailspool file with mode 0660, so
if the users primary group is a shared group eg. users then all other group
members can read/write the poor users mails.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. useradd -g users somebody
/var/spool/mail/somebody is owned by somebody:users and is mode 0660
/var/spool/mail/somebody should not be readable/writable by users group !
This bug is a duplicate of 59810. This one just applies to RH 7.3. I also
checked the latest rawhide shadow-utils and it still has the same buggy
Owl has a patch for "correctly" creating the mailspool. That patch applies to
shadow-utils-20000902-7 with minimal changes. I'll attach the patch.
Created attachment 79325 [details]
Patch from Owl for securely creating the mailspool file
*** This bug has been marked as a duplicate of 59810 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.