| Title: | Internet Tools |
| Notice: | Report ALL NETSCAPE Problems directly to [email protected]�.�rnet? Read note 448.L for beginner information. |
| Moderator: | teco.mro.dec.com::tecotoo.mro.dec.com::mayer |
| Created: | Fri Jun 25 1993 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 4714 |
| Total number of notes: | 40609 |
Hi,
A customer is using MHMAIL command popwrd to change the POP passwrd.
Whenever a users changes his password the owner of POP file changes
from the original pop to the user. I could reproduce it here but got
no workaround. Digital UNIX v4.0A.
I added some useful information.
# ls -ld /var/spool/pop
drwxrwxrwx 2 pop pop 8192 Apr 14 14:48 /var/spool/pop
# ls -l /var/spool/pop/POP
-rw-r--r-- 1 nundes pop 4387 Apr 14 14:48 /var/spool/pop/POP
# ls -l /usr/lib/mh/popwrd
-rwxr-xr-x 1 bin bin 24576 Aug 19 1996 /usr/lib/mh/popwrd
#
Thanks for any help,
Miriam
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 4608.1 | popwrd works this way | NNTPD::"[email protected]" | Jan-Erik Pedersen | Thu Apr 17 1997 11:00 | 14 |
What did you expect ? popwrd is normally not intended to be used by ordinary users.In order to change the passwd popwrd reads the file, and creates a new file which naturally will be owned by the user who creates it. In order for pop to work the way you wants you must make popwrd be setuid to pop. And also remember to set the right permissons on the the /usr/spool/pop directory. At least the group the pop account belongs too should have read/write permissions. And you should remove the write permissions for other (everybody) or set the sticky bit. Remember that in UNIX anybody who has write permissions on a directory may remove or rename files in that directory unless the sticky bit is set. [Posted by WWW Notes gateway] | |||||