From: Daniel Kahn Gillmor
To: Notmuch Mail
Subject: Re: [PATCH v2] cli/insert: new message file can be world-readable (rely on umask)
Date: Thu, 08 Feb 2018 20:40:40 -0500

On Tue 2018-02-06 14:43:56 -0500, Daniel Kahn Gillmor wrote:
> There are legitimate cases (public archives) where a user might
> actually want their archive to be readable to the world.
>
> "notmuch insert" historically used mode 0600 (unreadable by group or
> other), but that choice doesn't appear to have been specifically
> justified (perhaps an abundance of caution?).
>
> This patch also adjusts the default mode used for --create-folder, to
> be mode 0755 before the application of the umask.
>
> If the user wants "notmuch insert" to create files or folders that are
> not readable by group or other, they can set their umask more
> restrictively.

I'm now having second thoughts about this.

postfix's local delivery agent has apparently been delivering with mode
0600 for nearly 20 years:

    https://github.com/vdukhovni/postfix/blame/master/postfix/src/local/maildir.c#L188

And dovecot's lda defaults to 0600 on delivery:

    https://sources.debian.org/src/dovecot/1:2.2.33.2-1/src/lib-storage/mail-storage.c/?hl=2591#L2591

So maybe there's something I don't know about why a delivery agent would
want to have this restrictive mask?

Perhaps a better way to fix this is with a new option to notmuch insert.

On IRC, bremner suggests something flexible like --mode=0600

I'm more inclined to keep it simpler and more usable (most people don't
know octal, let alone unix permissions bits) and just have a boolean
--world-readable which defaults to false (and switches between modes
0600 and 0644 for files, and 0700 and 0755 for directories).

Any thoughts?

--dkg
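
The mode/umask interaction discussed in this message, as an added example that is not part of the original message and is not notmuch code: it creates a file or directory with the mode the proposed boolean would request and reports the permission bits that result under a given umask. The function names and the scratch path are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical mapping for the proposed boolean (mode before umask). */
static mode_t requested_mode(int world_readable, int is_dir)
{
    if (is_dir)
        return world_readable ? 0755 : 0700;
    return world_readable ? 0644 : 0600;
}

/* Create a file or directory in a scratch directory under the given
 * umask; return the resulting permission bits, or -1 on error. */
static int created_mode(int world_readable, mode_t mask, int is_dir)
{
    char base[] = "/tmp/insert-mode-XXXXXX", path[64];
    struct stat st;
    int fd = -1, ok, rc = -1;
    if (!mkdtemp(base))
        return -1;
    snprintf(path, sizeof path, "%s/new", base);
    mode_t old = umask(mask), want = requested_mode(world_readable, is_dir);
    if (is_dir)
        ok = mkdir(path, want) == 0;
    else
        ok = (fd = open(path, O_WRONLY | O_CREAT | O_EXCL, want)) >= 0;
    if (ok && stat(path, &st) == 0)
        rc = st.st_mode & 0777;
    if (fd >= 0) close(fd);
    umask(old);
    remove(path);   /* works for both files and empty directories */
    rmdir(base);
    return rc;
}

int main(void)
{
    mode_t masks[] = { 022, 027, 077 };
    for (int wr = 0; wr <= 1; wr++)
        for (int i = 0; i < 3; i++)
            printf("world_readable=%d umask=%03o file=%04o dir=%04o\n", wr,
                   (unsigned) masks[i], (unsigned) created_mode(wr, masks[i], 0),
                   (unsigned) created_mode(wr, masks[i], 1));
    return 0;
}
```

The umask can only clear bits from the requested mode, so a request of 0600 stays private under any umask, while a request of 0644 is world-readable unless the umask removes the "other" read bit.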