# permissions on /var/spool/mail - issue solved

## pannag

Hi,

Few users in my network are getting this message on opening the pine using ssh:

 *Quote:*   

> Folder vulnerable - directory /var/spool/mail must have 1777 protection

 

But there is no problem in email access. ls -lh on /var/spool gives the following

```
drwxrwxr-x   2 root mail 952 Feb 21 16:28 mail 
```

The permissions on /var/spool/mail are 1775. Should it be changed to 1777? If yes, what is the reason?

Thanks a lot

Pannag

Last edited by pannag on Tue Feb 22, 2005 2:12 am; edited 1 time in total

----------

## gentsquash

Although I don't read mail on my home system, I do have a "/var/spool/mail/" directory, whose permissions are

```

  /var/spool

  drwxrwxrwt  2 root    72 Sep 23 16:18 mail
```

These permissions appear to correspond to

```
chmod 1777 /var/spool/mail
```

I can't tell you if it "should" be that, though my guess is "yes".

(By the way: "Few users" means `hardly any users', whereas "a few users" means `some, at least two users'.)

----------

## pgf

 *pannag wrote:*   

> Hi,
> 
> Few users in my network are getting this message on opening the pine using ssh:
> 
>  *Quote:*   Folder vulnerable - directory /var/spool/mail must have 1777 protection 
> ...

 

Actually, those correspond to 775. It should look like this:

```

drwxrwxrwt  2 root mail 128 Feb 21 20:24 /var/spool/mail

```

Note the "t" on the end - this is the "sticky" bit. It allows users to write to the directory without stomping on each other. Check out the description at http://www.uwsg.iu.edu/UAU/files/sticky.html.

----------

## pannag

Hi,

Thanks a lot for your replies.

I changed it to 1777 and that warning does not appear anymore. But 1775 did not work, I donno why! Also, I am wondering what that sticky bit is all about...

Thanks again

Pannag

----------

## pgf

Pannag, check the link I posted above for a good description of the sticky bit. 

1775 does not allow the user to write to their own mail spool, so 1777 is required. The sticky bit helps restrict access to just the spool file belonging to the individual user.

----------
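
The distinction discussed above, as an added example that is not part of any post in this thread: on a world-writable directory the sticky bit limits deleting or renaming a file to the file's owner, the directory's owner, or root. The function name `classify_spool_dir` and the temporary test directories are assumptions made for illustration; `/var/spool/mail` itself is not touched.

```shell
#!/bin/sh
# Added example: classify a directory's mode the way the thread discusses it.
# All directories below are constructed in a temp dir; /var/spool/mail is untouched.

classify_spool_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not-a-directory"; return 1; }
    # First 10 chars of ls -ld are the type + permission string, e.g. drwxrwxrwt
    mode=$(ls -ld "$dir" | cut -c1-10)
    other_w=$(printf '%s' "$mode" | cut -c9)    # 'w' if "other" may write
    last=$(printf '%s' "$mode" | cut -c10)      # 't' or 'T' if the sticky bit is set
    case "$other_w$last" in
        w[tT]) echo "world-writable+sticky" ;;     # e.g. 1777: what pine asks for
        w*)    echo "world-writable-no-sticky" ;;  # e.g. 0777: any user can delete or rename others' files
        *)     echo "not-world-writable" ;;        # e.g. 0775 or 1775: the case pine warned about
    esac
}

demo() {
    base=$(mktemp -d) || return 1
    for m in 0775 1775 0777 1777; do
        mkdir "$base/mail-$m" && chmod "$m" "$base/mail-$m"
        printf '%s  %s  %s\n' "$m" "$(ls -ld "$base/mail-$m" | cut -c1-10)" \
            "$(classify_spool_dir "$base/mail-$m")"
    done
    rm -rf "$base"
}

demo
```

----------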

## gentsquash

pgf, thank you for the "sticky" link; a useful reference site.

pannag, if you feel that your problem is [SOLVED], would you consider marking it as such?  Only you can edit the title of the first post in the thread.

----------

## pannag

Thanks gentsquash.

I have changed the subject of my first post. 

Do I need to mark the issue as solved formally somewhere?

Pannag

----------

## gentsquash

Nope, that's fine.  Gotta love these forums...

----------

## gnuageux

I've always preferred the [solved] some topic but whatever

----------

## gentsquash

Me too, but I appreciate it just being marked at all.  The majority of the time it isn't.

In terms of his "formally" question: Would it be worthwhile that GentooForum thread-titles have options like Bugzilla has; "closed", "re-opened", "solved"...

----------

