Re: intro

From: xystrus
Subject: Re: intro
Date: Wed, 13 Mar 2002 17:46:09 -0500
User-agent: Mutt/1.3.27i

On Wed, Mar 13, 2002 at 02:16:10PM -0800, Jeff Bailey wrote:
> On Wed, Mar 13, 2002 at 12:37:42PM -0500, xystrus wrote:
> > If your users have root access to their machines, and you NFS 
> > export the mail spool, you're giving them the ability to read the
> > mail of anyone and everyone.  This is BAD.  
> Only if you don't squash root.  People who don't follow sensible
> sysadmin practices are not our problem.

Bzzzzz... sorry, but that's incorrect.  If I have root access,
all I need to do is su to another user whose mail is on the same
spool.  Maybe I have to create the user first, but since I have
root access, that's no problem.  Or if I'm in an NIS shop (ugh),
I probably don't even have to do that.  And the best part is,
since I'm root, I don't even need their password.

AFAIK the only solution for this is Kerberized NFS, which isn't
terribly common, and AFAIK not yet available for Linux.

> > I've seen NFS-mounted spools result in lost mail before...  it's
> > just a bad idea, IMO.
> I think maildir is supposed to handle locking over NFS correctly.

Sure, as I understand it maildir basically needs no locking.  Is
that correct?  I still haven't had a chance to read up on it...
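
Added example, not part of the original message: a small audit of an exports file for the trust problem discussed above, where root_squash only remaps UID 0 and the server still believes any other UID a client asserts. It assumes present-day Linux exports(5) syntax, including the sec= option; the sample file, its paths and its hosts are constructed.

```python
import re

# Constructed sample in Linux exports(5) syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# mail spool shared with desktop clients
/var/spool/mail  ws*.example.org(rw,root_squash)
/var/mail        trusted.example.org(rw,no_root_squash) 10.0.0.0/24(rw,sec=krb5p)
/srv/pub         *(ro,all_squash)
/home            *.example.org(rw,sec=krb5:sys)
"""

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}
ENTRY = re.compile(r"^([^()\s]+)(?:\(([^)]*)\))?$")  # client or client(opts)


def audit_exports(text):
    """Return (path, client, finding) for each export that trusts client UIDs."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients:
            m = ENTRY.match(entry)
            if not m:
                continue
            client, optstr = m.group(1), m.group(2) or ""
            opts = [o.strip() for o in optstr.split(",") if o.strip()]
            flavors = ["sys"]  # AUTH_SYS is the default when sec= is absent
            for o in opts:
                if o.startswith("sec="):
                    flavors = o[4:].split(":")
            if all(f in KRB_FLAVORS for f in flavors):
                continue  # identity is proven by Kerberos, not asserted
            if "all_squash" in opts:
                continue  # every UID maps to anonymous (no per-user spool)
            if "no_root_squash" in opts:
                findings.append((path, client, "sys+no_root_squash"))
            else:
                # root_squash is the default; it remaps UID 0 only
                findings.append((path, client, "sys+root_squash_only"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:16} {client:22} {finding}")
```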
