Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Isn having the spool directory world-writable a big security risk?

big directory risk security spool world-writable
0
Posted

Isn having the spool directory world-writable a big security risk?

0 CommentsAdd a Comment

1 Answer

0

No. Remember that the individual mail files in the spool directory are NOT world-writable, only the containing directory. Setting the “sticky bit” — indicated by the “1” before the “777” mode — means that only the owner of the file (or root) can delete files in the directory. So the only bad behavior that is invited by the 1777 mode is that anyone could create a random file in the spool directory. If the spool directory is under quota control along with home directories, there is little incentive for anyone to do this, and even without quotas a periodic scan for non-mail files usually takes care of the problem.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.