Randall R Schulz wrote:
Ken,
On Tuesday 26 April 2005 06:08, Ken Schneider wrote:
On Tue, 2005-04-26 at 08:42 -0400, Felix Miata wrote:
Erik Jakobsen wrote:
...
erik@lajka3:~/.mozilla/default/dfiph4je.slt/Mail> ls -Al urbakken.dk/ total 249963 -rw-r--r-- 1 erik users 0 2005-04-26 12:22 Drafts -rw-r--r-- 1 erik users 0 2005-04-26 12:22 Drafts.msf... -r-xr-xr-x 1 erik users 0 2004-11-12 05:21 filterlog.html... -r-xr-xr-x 1 erik users 68513263 2005-04-25 15:26 Inbox -rw-r--r-- 1 erik users 4958 2005-04-26 12:57 Inbox.msf
Many permissions in your maildir are wrong. Just fix them with 'chmod 644 *' from that directory.
I don't understand the 644 perms for private files. That will give -anyone- logged in access to someone else's mail, quite a no-no as far as I am concerned. 600 seems more correct (700 for dirs).
Witness:
% ll -d ~/.mozilla/default drwx------ 4 rschulz users 44 2004-07-10 18:09 /home/rschulz/.mozilla/default/
% ll -d ~/.mozilla/default/stzvnglp.slt drwx------ 4 rschulz users 4096 2004-07-10 18:07 /home/rschulz/.mozilla/default/stzvnglp.slt/
Those directories are protected by the inaccessibility of directories higher up in the hierarchy.
Now, if those directories had world execute bits _and_ someone knew the profile directory name (the funky "stzvnglp.slt" in my case), then they could get at work-readable files within.
Ken Schneider
Randall Schulz
Thanks gentlemen for your interest. I'm a bit confused what I shall set the different permissions to ?. Here's mine, but they don't tell much. erik@lajka3:~> % ll -d ~/.mozilla/default bash: fg: %: no such job erik@lajka3:~> mc erik@lajka3:~> % ll -d ~/.mozilla/default/dfiph4je.slt/ bash: fg: %: no such job Erik Jakobsen