Re: Neomail problems Re: [cobalt-security] [SECURITY WARNING] All Neomail users

["Ben Liddicott" <ben.liddicott@xxxxxxxxxxxxxxxxxx>]

Neomail has created the user's mail directory with the wrong permissions. It should be:
drwx--S---   2 bliddico site1        1024 Nov 13 11:37 mail/
But Neomail gives it the group of "users" because that is the user's primary group on Cobalt.

The problem arises because Neomail creates the directory as root, then chowns it to the user's uid and primary gid. This ignores the
setgid bit on the directory. The fix is to make Neomail impersonate the user, then just create the dir as normal, without a chown
step.

In the short term, you can fix this for your users using a script (as root) that chgrps existing mail directories, and creates new
ones with the correct group, setgid bit etc, for the users that don't already have them. It worked for me, anyway.


Cheers,
Ben Liddicott
----- Original Message -----
From: "Rik Thomas" <rikt@xxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, November 15, 2001 7:52 PM
Subject: Neomail problems Re: [cobalt-security] [SECURITY WARNING] All Neomail users


> On Thu, 15 Nov 2001, Hostmaster of the day wrote:
>
>
> We are not having that problem, but when someone is composing, replying
> and forwarding mail they get the following error:
>
> Couldn't close sent-mail!
>
>
>
>
> --
> Rik Thomas
> rikt@xxxxxxxxxxxxxxxx http://SmartBackups.com
> Is your Website Smart? Automated Website backups.  Free 30Day trial!
> http://www.cobalt-hosting.com  15 minute setup! $6.95 and up.
> Ph: 888.845.6856 Fx: 302.672.7315 ICQ: 879956
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security