On Sat, Nov 26, 2005 at 04:51:38PM -0700, the unit calling itself Theo de Raadt 
wrote:

>> This leads me to a two-part question:
>> 1. Is there an advantage to assigning group ownership of /var/mail to
>> "wheel", or was this choice simply arbitrary?
>>
>> 2. To get akpop3d running should I change group ownership of 
>> /var/mail to "mail" (rather than giving akpop3d the '-g wheel'
>> option)?

> Locking should (safely) be done by spawning a copy of mail.local
> for the duration of the operation.  This is designed to be safe
> even when using NFS spools.
> 
> NFS spools are the reason people kept running into trouble
> trying to design something safe.  A few years ago we settled
> on this method which is safe.
> 
> Lots of mailer programs want direct access to the spool, and will
> do it wrong.  Proper locking in an NFS directory like that is hard.
> This makes it easier.

Let me see if I've got this straight:

sendmail uses mail.local to deliver mail to the user's mail spool, and 
mail.local uses lock files of the form "username.lock" while it does its 
thing with the spool file.

However, akpop3d doesn't appear to use this form of the lockfile. If 
that's the case I don't get the relevance of mail.local.

I can appreciate that file locking in an NFS directory is hard to do; I 
gather then that the answer to Q 1. is that the choice was not 
arbitrary. 

If ownership of /var/mail by group "wheel" is not arbitrary, then it 
would seem that the answer to Q 2. is to run akpop3d with the option 
'-g wheel'. I would have thought that was not the "best" choice as it 
entrusts akpop3d with the ability to write anywhere "wheel" is able to - 
rather than just /var/mail.

Analysis, comments?

Thnx,
Jay 
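
The "username.lock" convention discussed in this thread only protects the spool if every program that touches it takes the same lock. The following is an added example, not part of the original messages and not code from mail.local or akpop3d. It sketches a dot-lock using the general link(2) idiom for NFS-tolerant locking; the function names `dotlock_acquire` and `dotlock_release` and the scratch directory are hypothetical.

```c
/* Added example: generic NFS-tolerant dot-lock, not mail.local's source. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Take "<spool>/<user>.lock". Returns 0, or -1 with errno set
 * (EEXIST when another process already holds the lock). */
int dotlock_acquire(const char *spool, const char *user)
{
    char tmp[1024], lock[1024];
    struct stat st;
    int fd, linked, saved, rc = -1;

    if (snprintf(lock, sizeof lock, "%s/%s.lock", spool, user) >= (int)sizeof lock ||
        snprintf(tmp, sizeof tmp, "%s/.%s.%ld", spool, user, (long)getpid()) >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* Per-process name: this create never competes with another locker. */
    if ((fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600)) == -1)
        return -1;
    linked = link(tmp, lock);          /* atomic; fails if the lock exists */
    saved = errno;
    /* Over NFS the reply to link() can be lost, so trust the link count. */
    if (fstat(fd, &st) == 0 && st.st_nlink == 2)
        rc = 0;
    else
        saved = (linked == -1) ? saved : EEXIST;
    close(fd);
    unlink(tmp);                       /* the lock name keeps the inode alive */
    errno = saved;
    return rc;
}

int dotlock_release(const char *spool, const char *user)
{
    char lock[1024];
    if (snprintf(lock, sizeof lock, "%s/%s.lock", spool, user) >= (int)sizeof lock)
        return -1;
    return unlink(lock);
}

int main(void)
{
    char dir[] = "/tmp/spoolXXXXXX";   /* constructed scratch spool */
    if (!mkdtemp(dir) || dotlock_acquire(dir, "jay") != 0) return 1;
    printf("second attempt: %d\n", dotlock_acquire(dir, "jay"));
    return dotlock_release(dir, "jay") || rmdir(dir);
}
```

Creating the lock requires write permission on the spool directory itself, which is why the group ownership of /var/mail determines which programs can lock directly.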
