Date: Thu, 31 Oct 1996 00:43:44 -0800 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: "Marc G. Fournier" <scrappy@ki.net> Cc: Mark Crispin <MRC@Panda.COM>, chat@FreeBSD.org Subject: Re: /var/mail (was: re: Help, permission problems...) Message-ID: <3290.846751424@time.cdrom.com> In-Reply-To: Your message of "Thu, 31 Oct 1996 00:47:02 EST." <Pine.NEB.3.95.961031003447.15243A-100000@quagmire.ki.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > 3) All users must have a mail file on the mail spool. > > a) This must be done as a consequence of account creation. > > I don't believe any of the Unix variants actually do this in > their adduser, do they? I don't think that was quite the point. Mark's simply saying that you can prevent a DoS on uncreated user mailboxes by making sure that whatever user adding utility you use (and I'd likely use adduser right about the time that the sun burnt out anyway) creates an empty one. Probably not a bad idea for those people who insist on creating /var/mail 1777. I think it's pretty simple, really, and I don't know why there's all this flammage about it. How you leave /var/mail is an admin decision, and some will wish to leave users the leverage to use their own mailers while others will realize that their users are only likely to shoot their feet off if given that ability, and tighen security further. Either way, it's possible to run a /var/mail *with either mode* if you also take care to attend to the various security ramifications of either decision. I don't see how it's any different from the 1,001 trade-off decisions a UN*X admin already has to make and certainly not worth writing the equivalent of several books about. Jordan P.S. Anyone who uses NFS and remote mailboxes deserves to lose lose lose anyway. It's just a bad idea, and not from any "policy" viewpoint but rather the knowledge that NFS is funkier than 3 reggae bass players in a VW microbus after 6 months on the road without showering.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3290.846751424>