From owner-freebsd-questions  Mon Sep 15 22:25:53 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id WAA29907
          for questions-outgoing; Mon, 15 Sep 1997 22:25:53 -0700 (PDT)
Received: from gdi.uoregon.edu (cisco-ts13-line11.uoregon.edu [128.223.150.160])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id WAA29900
          for <freebsd-questions@FreeBSD.ORG>; Mon, 15 Sep 1997 22:25:50 -0700 (PDT)
Received: from localhost (dwhite@localhost)
          by gdi.uoregon.edu (8.8.5/8.8.5) with SMTP id WAA03229;
          Mon, 15 Sep 1997 22:23:43 -0700 (PDT)
Date: Mon, 15 Sep 1997 22:23:42 -0700 (PDT)
From: Doug White <dwhite@gdi.uoregon.edu>
X-Sender: dwhite@localhost
Reply-To: Doug White <dwhite@resnet.uoregon.edu>
To: Paul Dekkers <paul@nev.ml.org>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IMAP
In-Reply-To: <Pine.LNX.3.96.970914120342.172B-100000@gromit.nev.ml.org>
Message-ID: <Pine.BSF.3.96.970915222237.3096R-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 14 Sep 1997, Paul Dekkers wrote:

> >Oh, the other part of it is make it owned by bin:bin.
> >
> >drwxrwxr-x   2 bin     bin       512 May 20 14:31 mail/
> >
> >This way sendmail et.al. can write stuff in there, but run as someone
> >other than bin, such as a user.  But not just anyone can dump stuff in
> >there.
> 
> I tried, but I thought imap wanted to create the lockfiles with the user
> as owner?! At least, when I changed mail's perms to bin.users and
> drwxrwxr-x theproblem disappeared...

Okay, it may depend on who owns imapd.  

> >I made that change after the IMAP problem; they had some suggestions for
> >setting up /var/mail perms for best results.
> 
> by another way; isn't imap really unsafe? as a normal user I can view the
> root filesystem, even with no shell or ftp account!? (and also when I've
> an account with limited root)

There was a security problem with imap that is fixed in the latest
release.

So what if I can see /?  I'd have a heck of a time if I couldn't.  You
shouldn't put anything important in there anyway.

If I can write to it, that is a bigger problem..

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
Spam routed to /dev/null by Procmail    | Death to Cyberpromo