Subject: re: /var/cron -> /etc/cron
To: None <>
From: Greg A. Woods <>
List: current-users
Date: 04/05/1999 11:28:44
[ On Monday, April 5, 1999 at 18:10:23 (+1000), matthew green wrote: ]
> Subject: re: /var/cron -> /etc/cron 
>    ...and I *like* my mail to stay in /var/mail, thanks.
>    [at least until I delete it.]
> are you saying you only like inherently insecure mail delivery?

Mail delivery to a common spool directory is only inherently insecure if
your mailer tries to deliver it as if it were you (ala mail.local).  If
your MTA and MUAs all use a common unique group-id which has write
access *only* to the mail spool directory (and of course the mail files)
then only your e-mail system can be compromised if it is broken.  Such a
scheme is probably even more secure than any other central-database
system that avoids requiring superuser privileges, such as Cyrus IMAP
which requires its own external authentication hooks (and thus may be in
a position to compromise not only your e-mail but also your [e-mail]

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>      <robohack!woods>
Planix, Inc. <>; Secrets of the Weird <>