Newsgroups: comp.os.minix
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!menudo.uh.edu!lobster!nuchat!kevin
From: kevin@nuchat.sccsi.com (Kevin Brown)
Subject: Re: gak! yet another idiot beginner asking stupid stuff!
Message-ID: <1991May14.202411.3372@nuchat.sccsi.com>
Organization: Teenage Mutant Ninja NiceGuys(tm)
References: <9852@star.cs.vu.nl> <9105102589@arrakis.nl.mugnet.org> <1991May13.124327.21919@nmrdc1.nmrdc.nnmc.navy.mil>
Date: Tue, 14 May 91 20:24:11 GMT

In article <1991May13.124327.21919@nmrdc1.nmrdc.nnmc.navy.mil> rdc30@nmrdc1.nmrdc.nnmc.navy.mil (LCDR Michael E. Dobson) writes:
>In article <9105102589@arrakis.nl.mugnet.org> bert@arrakis.nl.mugnet.org (Bert Laverman) writes:
[discussion about the Right Way To Handle Mail deleted]
>>It probably would work, but it's _not_ the way to go. /usr/bin/mail is
>>(or should be) setuid root, and can therefore create and access all mailboxes
>>without any problems. It also chowns them to their owner, so with -rw-------
>>access, only the owner of a mailbox can read it.
>>
>My $0.02, I'd make it setgid mail. Then the mbox is   user  mail -rw-rw----
>This would seem to be a little more secure than having /usr/bin/mail a
>setuid root program.  This is how it works on my Sys V R3.2 box.

This won't work with Minix as it exists out of the box.  The reason is that
not only does it have to be able to write existing mailboxes (which is
taken care of by the setgid option you mention) but it also has to be able
to create new mailboxes.  This won't work unless you're sending mail to
yourself :-).

The reason for all that is that the chown() system call requires root privs
under Minix.  Under System V, it doesn't, but instead checks to see whether
or not the owner of the file (or root) is trying to change the file's
ownership.  On systems without disk quota, the approach taken by System V
is the Right Answer (IMHO). But the System V approach leads to problems on 
systems that implement disk quota (you want more space?  chown your files to 
root! :-)...

>Mike Dobson, Sys Admin for      | Internet: rdc30@nmrdc1.nmrdc.nnmc.navy.mil


--
Kevin Brown						    Disclaimer: huh?
kevin@nuchat.sccsi.com				kevin@taronga.hackercorp.com

Minix -- the Unix[tm] of the 90's.  System V -- the Multics of the 90's.  :-)
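
[Added example, not part of the post above and not Minix or System V source: a small C model of the two chown() policies the thread contrasts, showing why a setgid-mail mailer can append to existing mailboxes but cannot hand a newly created one to its recipient when chown() is root-only. The ids, MAIL_GID, the 0660 mode and the group-writable spool directory are assumptions made for illustration.]

```c
#include <stdbool.h>
#include <sys/types.h>

#define MAIL_GID 8   /* constructed value for group "mail" */

/* The two chown() rules described in the thread. */
enum chown_policy { CHOWN_ROOT_ONLY,    /* Minix: only root may chown        */
                    CHOWN_BY_OWNER };   /* System V: owner may give file away */

struct cred { uid_t euid; gid_t egid; };  /* effective ids of the mailer */
struct mbox { bool exists; uid_t uid; gid_t gid; mode_t mode; };

static bool may_chown(enum chown_policy p, struct cred c, const struct mbox *m)
{
    if (c.euid == 0) return true;
    return p == CHOWN_BY_OWNER && c.euid == m->uid;
}

static bool may_write(struct cred c, const struct mbox *m)
{
    if (c.euid == 0)      return true;
    if (c.euid == m->uid) return (m->mode & 0200) != 0;
    if (c.egid == m->gid) return (m->mode & 0020) != 0;
    return (m->mode & 0002) != 0;
}

/* 0 if mail lands in a mailbox owned by rcpt, -1 if delivery is impossible. */
int deliver(enum chown_policy p, struct cred mailer, uid_t rcpt, struct mbox *m)
{
    if (!m->exists) {
        /* A new file belongs to its creator; group assumed to be the egid. */
        struct mbox fresh = { true, mailer.euid, mailer.egid, 0660 };
        if (fresh.uid != rcpt) {
            if (!may_chown(p, mailer, &fresh)) return -1;  /* stuck as sender's file */
            fresh.uid = rcpt;                              /* chown to the recipient */
        }
        *m = fresh;
    }
    return (m->uid == rcpt && may_write(mailer, m)) ? 0 : -1;
}

/* One delivery attempt; an existing mailbox is rcpt:mail with mode 0660. */
int scenario(enum chown_policy p, uid_t euid, gid_t egid, uid_t rcpt, bool exists)
{
    struct mbox m = { exists, rcpt, MAIL_GID, 0660 };
    struct cred c = { euid, egid };
    return deliver(p, c, rcpt, &m);
}
```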

