current-users: Re: Mail and locking

Subject: Re: Mail and locking
To: None <cjs@portal.ca, woods@web.net>
From: Grey Wolf <greywolf@siva.captech.com>
List: current-users
Date: 12/05/1996 10:38:54
# From cjs@portal.ca Wed Dec  4 15:10:38 1996
# 
# I'm suggesting 1755 for /var/mail.

And what good would this do?

# 
# Umm...how on earth is a process supposed to create its lockfile if you
# turn off the sticky bit? Or are you proposing to go out and modify mail
# programs to make them run suid or sgid?

I think you misunderstand the semantics of a sticky bit.  A t-bit on
a mode 755 directory means that only the superuser and the owner can
write to it; and only the super-user and the owner of the file (or the
directory) can delete the file.  But since only the super-user and the
owner of the directory can write to the directory in the first place
(755), the t-bit is useless in this context.

# 
# > If the local delivery and mail-pickup processes are setgid to the unique
# > member-less group which owns and has write permission on /var/mail, and
# > the system supports the POSIX notion of giving away files on quota-less
# > filesystems, and /var/mail is on such a filesystem, then life with
# > mailers can become very mundane and routine with few risks to anyone.
# 
# You do want them to run sgid. Ok. I give up right here. Once again
# we seem to have quite differering ideas of security. Not to mention
# `simplicity.'

If you're talking a non-shared filesystem, it's very secure (if done
right).  If you're talking a NFS'd filesystem, you can toss security
out the window even if you don't make it group-owned/writable, unless
you can assure yourself that none of the nodes on the network will
provide super-user access to unauthorized personnel.

# 
# In other words, any algorithm that attempts removal of stale locks
# is incorrect. You obviously don't administer any large sites.

This is a sticky wicket unless you implement a site-wide locking proto-
col handler suite (libraries + daemons + system utilities + ...).

# 
# Oh, and I enjoyed your description of how to fix a broken mail
# file. Yet another new definition of K.I.S.S., I see.

And it still begs the question of "what if you're not the super-user
and you have this problem?"

# 
# cjs
# Vancouver, BC   (604) 257-9400		De gustibus, aut bene aut nihil.

[what is that in latin?  Is that "there's no accounting for taste"?]

# 
# 

				--*greywolf;