Path: utzoo!attcan!uunet!ncrlnk!ncr-sd!hp-sdd!hplabs!decwrl!purdue!bu-cs!bloom-beacon!mit-eddie!uw-beaver!cornell!rochester!pt.cs.cmu.edu!cadre!pitt!darth!investor!news
From: news@investor.UUCP ( Bob Peirce)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Message-ID: <1039@investor.UUCP>
Date: 16 Nov 88 18:36:26 GMT
References: <175@ernie.NECAM.COM>
Reply-To: rbp@invest.UUCP (Bob Peirce #74)
Distribution: na
Organization: Cookson, Peirce & Co., Pittsburgh, PA
Lines: 15

In article <175@ernie.NECAM.COM> peter@ernie.NECAM.COM (Peter DiPrete) writes:
>
>Here's the question, since the mail directory *must* have liberal
>permissions to allow any user access to his/her mailbox, how can I
>protect people's files.  Even if a file has permissions set to 000,
>any other user can blow it away!  Can I protect people's mail better
>than this?

Our SysV mail has very restricted permissions.  The directory has rwx
for owner and group (mail) only and so do the files.  All files are in
the mail group and mail, I suppose, runs setgid mail.
-- 
Bob Peirce, Pittsburgh, PA				412-471-5320
uucp: ...!{allegra, bellcore, cadre, idis, psuvax1}!pitt!investor!rbp
	NOTE:  Mail must be < 30K bytes/message
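
An added example, not part of the original post: a small audit that checks a mail spool against the scheme described in the reply (rwx for owner and group only on the directory and the mailboxes, everything in the mail group). The function name `audit_mail_spool`, the finding strings and the temporary spool are assumptions made for illustration; the sample spool is constructed and its own group stands in for `mail`.

```python
import os
import stat
import tempfile


def audit_mail_spool(spool, mail_gid):
    """Return (path, problem) findings for a spool that should follow the
    scheme in the post: rwx for owner and group only, group = mail."""
    findings = []
    st = os.stat(spool)
    if st.st_mode & stat.S_IWOTH:
        # Removing a file needs write permission on the directory, not on
        # the file, so here even a mode-000 mailbox can be deleted by anyone.
        findings.append((spool, "directory writable by others"))
    elif st.st_mode & stat.S_IRWXO:
        findings.append((spool, "directory accessible to others"))
    if st.st_gid != mail_gid:
        findings.append((spool, "directory not in mail group"))
    for name in sorted(os.listdir(spool)):
        path = os.path.join(spool, name)
        st = os.lstat(path)  # lstat: do not follow links planted in the spool
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        if st.st_mode & stat.S_IRWXO:
            findings.append((path, "mailbox accessible to others"))
        if st.st_gid != mail_gid:
            findings.append((path, "mailbox not in mail group"))
    return findings


if __name__ == "__main__":
    # Constructed spool in a temp dir; its own gid stands in for "mail".
    with tempfile.TemporaryDirectory() as spool:
        gid = os.stat(spool).st_gid
        for user, mode in (("alice", 0o660), ("bob", 0o000)):
            path = os.path.join(spool, user)
            open(path, "w").close()
            os.chmod(path, mode)
        for dir_mode in (0o777, 0o770):  # liberal vs. restricted directory
            os.chmod(spool, dir_mode)
            print(oct(dir_mode), audit_mail_spool(spool, gid))
```

On a real system, pass the spool path and the numeric gid of the mail group (for example from `grp.getgrnam`).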