Setting Access Permissions for Other Accounts
Because MH uses the UNIX filesystem (directories and files) to store
its messages, UNIX filesystem security affects it.
If no other users need to access your MH messages, you can set any level
of protection on your home directory and MH directory, anywhere from
completely accessible for all users to totally shut off from all users.
If other users are sharing your messages, though, you should be sure that
they have enough access but not too much.
Because MH messages are usually stored under your home directory, giving
other users access to some or all of your MH mail means that they could
have access to your other files, too.
With the information in the Chapter Key Parts of the UNIX Filesystem,
and good knowledge of the UNIX filesystem, you can figure out how to set
access permissions yourself.
NOTE:
xmh is designed more for single users than for sharing other users' mail.
The Section MH Directory Path
has some of the gory details.
To help you share mail (just reading, or both reading and writing), your
system administrator can create UNIX groups:
lists of users who are allowed to share files with each other.
CAUTION:
If you're really concerned about security
and you're not experienced with UNIX filesystem security,
ask an expert (like your system administrator) for help.
Here's an example to get you started.
If all the members of a UNIX group want to share their mail with each other
(reading each other's messages but not being able to modify any):
- Everyone should put these entries in their MH profile files:
Folder-protect: 750
Msg-protect: 640
- If anyone has existing folders or messages, they should reset the
access permissions by using the chmod command.
The UNIX find command below is an easy way to do this.
Please type it carefully (the syntax is weird, but it works):
% cd Mail
% find . -type f -exec chmod 640 {} \; -o -exec chmod 750 {} \;
If a user has thousands of messages and your system is slow, the
following shell loop will probably be more efficient.
(The Section Sorting Messages: sortm
has another shell loop example with an explanation of the loops.)
Be sure to use backquotes (`), not single quotes ('):
C shell:
% foreach f (`folders -f -r`)
? echo fixing +$f
? set fp="`mhpath +$f`"
? chmod 750 $fp
? cd $fp && chmod 640 *
? end
fixing +apple
...
fixing +zoo/zebra
%
Bourne and Korn shells:
$ for f in `folders -f -r`
> do echo fixing +$f
> fp="`mhpath +$f`"
> chmod 750 $fp
> cd $fp && chmod 640 *
> done
fixing +apple
...
fixing +zoo/zebra
$
(Careful readers will notice that, in every folder, the loop sets the mode
of all messages and any subfolder directories to 640.
A subfolder with mode 640 can't be accessed.
But, because folders -r always gives the name of a folder before
any of its subfolders, the subfolder permission will be set correctly in
the next pass of the loop.)
- If any folders should stay private, the user should reprotect them.
For instance, to make the folders job_hunting and hate_mail private:
% chmod 700 `mhpath +job_hunting` `mhpath +hate_mail`
Here are three other ways to set protection.
Use the examples above, but change the permission modes from 750 and 640,
respectively, as shown below:
- To give everyone in your group permission to modify the folders' contents
(refile, rmm, and so on) use modes 770 and 660.
- To give read access to everyone on your computer, use modes 755 and 644.
- To give your group permission to modify the folder contents and give
everyone on your computer permission to read, use modes 775 and 664.
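
The check below is an added example, not part of the original text: a POSIX shell audit that reports folders or messages granting more access than the chosen Folder-protect and Msg-protect modes, plus folders their owner cannot enter (such as a subfolder left at mode 640). The function names and the sample folders inbox and lists are assumptions made for the illustration, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit an MH mail tree against a Folder-protect / Msg-protect
# policy. All function names here are illustrative, not MH commands.

# Build a find(1) test matching any permission bit that mode $1 does not grant.
excess_test() {
    t=""
    for bit in 400 200 100 040 020 010 004 002 001; do
        if [ $(( 0$1 & 0$bit )) -eq 0 ]; then
            t="$t${t:+ -o }-perm -$bit"
        fi
    done
    echo "$t"
}

# audit_mh_perms MAILDIR FOLDER_MODE MSG_MODE
# Stricter modes (a private 700 folder) pass; only extra access is reported.
audit_mh_perms() {
    dtest=$(excess_test "$2"); ftest=$(excess_test "$3")
    {
        if [ -n "$dtest" ]; then
            find "$1" -type d \( $dtest \) -print | sed 's/^/TOO-OPEN /'
        fi
        if [ -n "$ftest" ]; then
            find "$1" -type f \( $ftest \) -print | sed 's/^/TOO-OPEN /'
        fi
        # A folder its owner cannot enter, e.g. a subfolder left at 640.
        find "$1" -type d ! -perm -700 -print | sed 's/^/UNUSABLE /'
    } 2>/dev/null
    return 0
}

# Constructed sample tree for a dry run (inbox and lists are made-up names).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/inbox/sub" "$d/job_hunting" "$d/lists"
    touch "$d/inbox/1" "$d/inbox/2" "$d/job_hunting/1"
    chmod 750 "$d" "$d/inbox"; chmod 640 "$d/inbox/1"
    chmod 644 "$d/inbox/2"          # message readable by everyone
    chmod 700 "$d/job_hunting"; chmod 600 "$d/job_hunting/1"   # private
    chmod 755 "$d/lists"            # folder readable by everyone
    chmod 640 "$d/inbox/sub"        # subfolder left without search permission
    echo "$d"
}

tree=$(make_sample_tree)
audit_mh_perms "$tree" 750 640      # reports inbox/2, lists and inbox/sub
chmod -R u+rwx "$tree" && rm -rf "$tree"
```

Pass one of the other mode pairs listed above (770 660, 755 644 or 775 664) as the last two arguments to audit against that policy instead; folders kept private at 700 pass under every one of them.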