1777 Protection and "those other" IMAP clients

1777 Protection and "those other" IMAP clients

Post by Justzisgu » Sun, 12 Oct 2003 04:12:22


My network admins recently installed an IMAP server. Being a pine lover,
I jumped at the opportunity. I was met with the complaint "Mailbox
vulnerable - directory /var/spool/mail must have 1777 protection."

Now I realize that 1777 protection is needed to write a .lock file
(because imapd doesn't run as setuid root) so that my mail won't become
corrupted.

I telnetted to the IMAP server & executed an examine inbox command. I got
the same error. This made me suspect that they were using imapd & that it
wasn't properly configured.

I asked the admins about this & pointed to the IMAPd documentation that
told them to set 1777 or use mlock or something similar. There response
was that I should use Outlook or Eudora, which "do not require the type of
file permissions" I described and that they tested it extensively.

Are they correct or am I having smoke blown up my rear?

Because the complaint is made server side and because I'd assume that all
IMAP clients read and write to the mailboxes the same way, wouldn't the
selection of IMAP client not matter?

If I'm wrong, what do Outlook and Eudora do differently?

Not using .lock files doesn't mean that a mailbox will definitely be
corrupted, but that you're playing a crapshoot, right? Their anecdotal
evidence of testing doesn't matter.

I do hope I'm wrong & that someone can enlighten me as to how truly sage
my admins are. If I'm right, any suggestions on how to deal with stubborn
admins ;-)

Thanks!
 
 
 

1777 Protection and "those other" IMAP clients

Post by DINH Vi H » Sun, 12 Oct 2003 20:25:12


XXXX@XXXXX.COM wrote :


It will be the same with Outlook or Eudora, just that these software my
not point you to this error.


make them a course on concurrent file access ?

But although you have this warning about lock.
If you access your mail only with (UW-)IMAP(d), I think it will prevent
you from accessing your mailbox from two different point.

--
DINH V. Hoa,

"elle est maquill comme une voiture vol" -- Elisa

 
 
 

1777 Protection and "those other" IMAP clients

Post by Mark Crisp » Mon, 13 Oct 2003 00:53:17


That's not what .lock files protect against. They protect against
simultaneous write of the mailbox by the MTA (e.g. sendmail calling
/bin/mail) and the MUA (e.g. imapd). The corruption that would happen is
if, while imapd is updating the INOBX, a new message is delivered.

The UW imapd protection that you're talking about only protects against
multiple imapds, and that only works when the file is local (not NFS
mounted).

-- Mark --

http://www.yqcomputer.com/
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
 
 
 

1777 Protection and "those other" IMAP clients

Post by Justzisgu » Mon, 13 Oct 2003 05:42:30

Ah--the hazards of crossposting! I just wanted to inform everyone
that Mark Crispin gave me a very helpful email on the UW IMAP mailing
list. The admins were wrong to think that Eudora and Outlook are
somehow different. Hopefully they will fix their server to allow
.lock files to be created.

IMAPd doesn't handle mail delivery, so this isn't true. Something has
to write to the INBOX. Also, any backups might go funny too. It may
be unlikely that there will be corruption, but I believe it is still
possible.