Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!wivax!linus!allegra!eagle!mhuxt!mhuxi!mhuxa!houxm!hou2b!wcs
From: wcs@hou2b.UUCP
Newsgroups: net.mail,net.unix-wizards
Subject: Re: Mail Security and Locking Problems
Message-ID: <22@hou2b.UUCP>
Date: Thu, 2-Jun-83 19:06:24 EDT
Article-I.D.: hou2b.22
Posted: Thu Jun  2 19:06:24 1983
Date-Received: Tue, 7-Jun-83 14:52:26 EDT
References: utah-cs.1649
Lines: 23

Jay Lepreau points out that several programs under 4.1BSD create
their lock files in /usr/spool/mail.  This implies that the
directory be writable, and hence I have a problem:

I am running a fairly old copy of 4.1BSD, so maybe this has been fixed.
When I send mail to "joe", and he doesn't have a /usr/spool/mail/joe
file, it is created with MY userid and umask permissions.  Thus,
even if joe can read his mailfile, he probably can't write to it,
and neither can anyone but myself.  The main time this problem
occurred was when joe read, and deleted, all his mail, and Mail
deleted the mailfile for him.
	I had solved this by setting /usr/spool/mail to
dr-xr-xr-x owned by root, and creating mailfiles for all my users
with the appropriate ownership and permissions.  This allowed them
to modify, but not delete, their files, and it seemed to work fine.

	Do I now have to change this to allow lock files to be
created, and has this problem been fixed already?

			Thanks;  Bill Stewart
				 BTL-HO x0705
				 hou2b!hoscf!bin or
				 hou2b!hoscf!bill