Should my alias database be writable?

At Berkeley we have the alias database (/etc/aliases*) mode 644. While this is not as flexible as if the database were more 666, it avoids potential security problems with a globally writable database.

The database that sendmail actually used is represented by the two files aliases.dir and aliases.pag (both in /etc) (or aliases.db if you are running with the new Berkeley database primitives). The mode on these files should match the mode on /etc/aliases. If aliases is writable and the DBM files ( aliases.dir and aliases.pag) are not, users will be unable to reflect their desired changes through to the actual database. However, if aliases is read-only and the DBM files are writable, a slightly sophisticated user can arrange to steal mail anyway.

If your DBM files are not writable by the world or you do not have auto-rebuild enabled (with the AutoRebuildAliases option), then you must be careful to reconstruct the alias database each time you change the text version:

If this step is ignored or forgotten any intended changes will also be ignored or forgotten.

[Contents] [Previous] [Next]

Questions or problems regarding this web site should be directed to Steve Gielda.
Copyright 1999  All rights reserved.
Last modified: Friday April 02, 1999.