From e8f31f5bc3a9f852d5c67a7b9c02bf99581ebf48 Mon Sep 17 00:00:00 2001
From: Russ Allbery
- Files should be owned by root.root, and made + Files should be owned by root:root, and made writable only by the owner and universally readable (and executable, if appropriate), that is mode 644 or 755.
@@ -8045,7 +8045,7 @@ http://localhost/doc/package/filenameMailboxes are generally mode 660 - user.mail unless the system + user:mail unless the system administrator has chosen otherwise. A MUA may remove a mailbox (unless it has nonstandard permissions) in which case the MTA or another MUA must recreate it if needed. @@ -8053,7 +8053,7 @@ http://localhost/doc/package/filename
- The mail spool is 2775 root.mail, and MUAs should + The mail spool is 2775 root:mail, and MUAs should be setgid mail to do the locking mentioned above (and must obviously avoid accessing other users' mailboxes using this privilege).
@@ -8644,8 +8644,8 @@ name ["syshostname"]: Games which require protected, privileged access to high-score files, saved games, etc., may be made set-group-id (mode 2755) and owned by - root.games, and use files and directories with - appropriate permissions (770 root.games, for + root:games, and use files and directories with + appropriate permissions (770 root:games, for example). They must not be made set-user-id, as this causes security problems. (If an attacker can subvert any set-user-id game they can -- 2.39.2
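Review bot: In the hunk at -8045, the new line "user:mail" puts a placeholder (the mailbox's owning user) into the same owner:group notation that the next hunk uses for the literal "root:mail", so it can be read as a literal account named "user". Suggest marking it up as a variable, or wording it as "mode 660, owned by the user and group mail", so that the intended owner of a 660 mailbox is unambiguous.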
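Review bot: In the hunk at -8644, the example "770 root:games" is still offered for "files and directories" alike, although 770 on a regular high-score or saved-game file also sets the execute bits. Since both lines of that sentence are being touched anyway, consider stating that 770 is the directory example and giving a separate non-executable mode for the files, or splitting this into a follow-up if the change is meant to stay a pure separator fix.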