On Sun, 8 Jan 2006, Les Mikesell wrote:
On Sat, 2006-01-07 at 17:56, Tim wrote:
On Sat, 2006-01-07 at 20:25 +0100, Alexander Dalloz wrote:
At least now you should get a big fat warning and complaint in your
maillog about the permissions of the .forward file. 'chmod
640 .forward' it. "/home" is hopefully `chmod 755' and not more (not
world writable).
It does seem odd, to me, that many files in our home directories default
to being "-rwxrw-rw-". Surely making things readable, by default, to
anyone is a bad idea? You're relying on parent directory permissions to
protect you from snooping; and sometimes they're not brilliantly set,
either. I'd have thought it best to start off with "-rwx------", and
let people add permissions when they're necessary.
Unix was developed in a time and place where the purpose of
a multiuser machine was often so the people using it could share
things. That doesn't seem to be the case anymore, but you
have to draw your own conclusions about whether that is
good or bad.
It's reality. But it would be pretty sad if a modern Unix system required
this kind of slackness for normal day-to-day operation. That's the sort
of thing that we all so enjoy sitting around and bashing Windows for.
Fortunately, the situation is nowhere near that bad. In the present
thread, sendmail is complaining about *lack of* security. The solution is
to make $HOME 700 and .forward 600.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
