/me wonders about the permissions of the /var/spool/mail directory of a freshly installed amd64-hardened (did it a few times now). I do use sendmail + mailx for local mail delivery. mailx complains about wrong permissions of that directory. And it is right, the group is wrong and lacks write permissions. The log follows:

    tfoerste@t44 ~ $ mail
    Mail version 8.1.2 01/15/2001. Type ? for help.
    "/var/mail/tfoerste": 1 message 1 new
    >N 1 tfoerste@t44.frit Fri Dec 19 00:17 15/593
    & 1
    Message 1:
    From tfoerste@t44.fritz.box Fri Dec 19 00:17:22 2014
    Date: Fri, 19 Dec 2014 00:17:22 +0100
    From: tfoerste@t44.fritz.box
    To: tfoerste@t44.fritz.box
    Fri Dec 19 00:17:22 CET 2014
    & q
    mail: Cannot create lockfile /var/mail/tfoerste.lock: Error creating temporary lockfile
    tfoerste@t44 ~ $ ls -ld /var/mail
    lrwxrwxrwx 1 root root 15 Dec 7 23:07 /var/mail -> /var/spool/mail
    tfoerste@t44 ~ $ ls -ld /var/spool/mail
    drwxr-xr-x 1 mail root 74 Dec 19 00:17 /var/spool/mail
    tfoerste@t44 ~ $ sudo chgrp mail /var/spool/mail
    tfoerste@t44 ~ $ mail
    Mail version 8.1.2 01/15/2001. Type ? for help.
    "/var/mail/tfoerste": 1 message 1 new
    >N 1 tfoerste@t44.frit Fri Dec 19 00:17 15/593
    & 1
    Message 1:
    From tfoerste@t44.fritz.box Fri Dec 19 00:17:22 2014
    Date: Fri, 19 Dec 2014 00:17:22 +0100
    From: tfoerste@t44.fritz.box
    To: tfoerste@t44.fritz.box
    Fri Dec 19 00:17:22 CET 2014
    & q
    mail: Cannot create lockfile /var/mail/tfoerste.lock: Error creating temporary lockfile
    tfoerste@t44 ~ $ ls -ld /var/spool/mail
    drwxr-xr-x 1 mail mail 74 Dec 19 00:17 /var/spool/mail
    tfoerste@t44 ~ $ sudo chmod g+w /var/spool/mail
    tfoerste@t44 ~ $ mail
    Mail version 8.1.2 01/15/2001. Type ? for help.
    "/var/mail/tfoerste": 1 message 1 new
    >N 1 tfoerste@t44.frit Fri Dec 19 00:17 15/593
    & 1
    Message 1:
    From tfoerste@t44.fritz.box Fri Dec 19 00:17:22 2014
    Date: Fri, 19 Dec 2014 00:17:22 +0100
    From: tfoerste@t44.fritz.box
    To: tfoerste@t44.fritz.box
    Fri Dec 19 00:17:22 CET 2014
    & q
    Saved 1 message in /home/tfoerste/mbox
    tfoerste@t44 ~ $ ls -ld /var/spool/mail
    drwxrwxr-x 1 mail mail 74 Dec 19 00:18 /var/spool/mail
Which stage3 image is that? The filename should give a clue.
(In reply to Jeroen Roovers from comment #1)
> Which stage3 image is that? The filename should give a clue.

It was a stable amd64/autobuilds/current-iso/stage3-amd64-20141204.tar.bz2 from the beginning of this week.
net-mail/mailbase-1.1 is stable and like -1 sets ownership to root:mail as expected. So the autobuild system is somehow changing this?
After a clean amd64 (not hardened) install today, I got the usual warning about /var/spool/mail permissions not being what mailbase wants. I found the permissions to be even different than first described in this bug:

    localhost ~ # ls -l /var/spool/
    total 4
    drwxr-xr-x. 2 mail root 4096 Jan 3 11:56 mail

Yup. In addition to differing permissions, that's mail user and root group instead of the reverse. I believe I used the 2014-12-28 stage 3.
I don't know what happened here and I find it unlikely that any permissions issue was caused by the release tools as we rely on the tree packages / portage to create the dirs. In any case, I can't confirm this issue with the latest stages, so I'm closing as OBSOLETE.

    <user>@nightheron ~ $ tar tjvf /release/buildroot/amd64-dev/builds/default/stage3-amd64-20161110.tar.bz2 | grep /var/spool
    drwxr-xr-x root/root 0 2016-11-10 01:30 ./var/spool/
    -rw-r--r-- root/root 0 2016-11-10 01:30 ./var/spool/.keep
    <user>@nightheron ~ $ tar tjvf /release/buildroot/amd64-dev/builds/hardened/stage3-amd64-hardened-20161103.tar.bz2 | grep /var/spool
    drwxr-xr-x root/root 0 2016-11-03 18:42 ./var/spool/
    -rw-r--r-- root/root 0 2016-11-03 18:42 ./var/spool/.keep
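
Added example (not part of the original bug thread, and not Gentoo release tooling): a scripted version of the `tar tjvf ... | grep /var/spool` check above, which reads the spool directory's owner, group and mode from a tarball. The expected values (root:mail, group-writable) are assumptions taken from the comments in this thread, and `audit_spool` / `make_sample` are hypothetical names; the sample archives are constructed in memory.

```python
import io
import posixpath
import stat
import tarfile

# Assumption from the thread: mailbase wants root:mail, and mailx needed
# group write on the directory before it could create its lockfile.
EXPECTED_OWNER, EXPECTED_GROUP = "root", "mail"


def audit_spool(tar_bytes, path="var/spool/mail"):
    """Return a list of findings for `path` inside a tar archive (empty = OK)."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            # Stage tarballs list entries as ./var/spool/...; normalise the name.
            if posixpath.normpath(member.name).lstrip("/") != path:
                continue
            findings = []
            if not member.isdir():
                findings.append("not a directory")
            if member.uname != EXPECTED_OWNER:
                findings.append(f"owner is {member.uname}, expected {EXPECTED_OWNER}")
            if member.gname != EXPECTED_GROUP:
                findings.append(f"group is {member.gname}, expected {EXPECTED_GROUP}")
            if not member.mode & stat.S_IWGRP:
                findings.append(f"mode {member.mode:04o} lacks group write")
            return findings
    # The directory is absent, so the installed package creates it later.
    return [f"{path} not present in archive"]


def make_sample(uname, gname, mode, with_mail=True):
    """Build a constructed in-memory tarball for the demo (not a real stage3)."""
    entries = [("./var/spool", "root", "root", 0o755)]
    if with_mail:
        entries.append(("./var/spool/mail", uname, gname, mode))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, user, group, perms in entries:
            info = tarfile.TarInfo(name)
            info.type, info.mode = tarfile.DIRTYPE, perms
            info.uname, info.gname = user, group
            tar.addfile(info)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed case mirroring the first report: mail:root, drwxr-xr-x.
    for finding in audit_spool(make_sample("mail", "root", 0o755)):
        print(finding)
```
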