Setting Access Permissions for Other Accounts


Because MH uses the UNIX filesystem (directories and files) to store its messages, UNIX filesystem security affects it. If no other users need to access your MH messages, you can set any level of protection on your home directory and MH directory, anywhere from completely accessible for all users to totally shut off from all users. If other users are sharing your messages, though, you should be sure that they have enough access but not too much. Because MH messages are usually stored under your home directory, giving other users access to some or all of your MH mail means that they could have access to your other files, too. With the information in the Chapter Key Parts of the UNIX Filesystem, and good knowledge of the UNIX filesystem, you can figure out how to set access permissions yourself.

NOTE: xmh is designed more for single users than for sharing other users' mail. The Section MH Directory Path has some of the gory details.

To help you share mail (just reading, or both reading and writing), your system administrator can create UNIX groups: lists of users who are allowed to share files with each other.

CAUTION: If you're really concerned about security and you're not experienced with UNIX filesystem security, ask an expert (like your system administrator) for help.

Here's an example to get you started. If all the members of a UNIX group want to share their mail with each other (reading each other's messages but not being able to modify any):

  1. Everyone should put these entries in their MH profile files:
    Folder-protect: 750
    Msg-protect: 640
    
  2. If anyone has existing folders or messages, they should reset the access permissions by using the chmod command. The UNIX find command below is an easy way to do this. Please type it carefully (the syntax is weird, but it works):
    % cd Mail
    % find . -type f -exec chmod 640 {} \; -o -exec chmod 750 {} \;
    
    If a user has thousands of messages and your system is slow, the following shell loop will probably be more efficient. (The Section Sorting Messages: sortm has another shell loop example with an explanation of the loops.) Be sure to use backquotes (`), not single quotes ('):

    C shell:

    % foreach f (`folders -f -r`)
    ? echo fixing +$f
    ? set fp="`mhpath +$f`"
    ? chmod 750 $fp
    ? cd $fp && chmod 640 *
    ? end
    fixing +apple
        ...
    fixing +zoo/zebra
    %
    

    Bourne and Korn shells:

    $ for f in `folders -f -r`
    > do echo fixing +$f
    > fp="`mhpath +$f`"
    > chmod 750 $fp
    > cd $fp && chmod 640 *
    > done
    fixing +apple
        ...
    fixing +zoo/zebra
    $
    
    (Careful readers will notice that, in every folder, the loop sets the mode of all messages and any subfolder directories to 640. A subfolder with mode 640 can't be accessed. But, because folders -r always gives the name of a folder before any of its subfolders, the subfolder permission will be set correctly in the next pass of the loop.)
  3. If any folders should stay private, the user should reprotect them. For instance, to make the folders job_hunting and hate_mail private:
    % chmod 700 `mhpath +job_hunting` `mhpath +hate_mail`
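
After steps 1 through 3, it is worth checking that nothing in the mail tree is more open than intended. The script below is an added example, not part of the original book; the function names mh_perm_audit and make_sample_tree are hypothetical, and the demo runs on a constructed sample tree rather than real mail.

```sh
#!/bin/sh
# Audit an MH mail tree against the group-sharing modes used above:
# folders no more open than 750, messages no more open than 640.
# A folder made private with mode 700 passes (it grants less than 750).

# mh_perm_audit DIR  (hypothetical helper; DIR is the MH directory)
# Prints one line per offending path; returns 1 if any were found.
mh_perm_audit() {
    dir=$1
    # POSIX find only has "-perm -BITS" (all listed bits set), so each
    # forbidden bit is tested separately.
    # Folders: group write, or any access for others (bits outside 750).
    bad_dirs=$(find "$dir" -type d \( -perm -020 -o -perm -004 \
        -o -perm -002 -o -perm -001 \) -print | sed 's/^/folder too open: /')
    # Messages: any execute bit, group write, or any access for others.
    bad_files=$(find "$dir" -type f \( -perm -100 -o -perm -020 \
        -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/message too open: /')
    [ -n "$bad_dirs" ] && printf '%s\n' "$bad_dirs"
    [ -n "$bad_files" ] && printf '%s\n' "$bad_files"
    [ -z "$bad_dirs$bad_files" ]
}

# Builds a constructed sample tree under $1 with two deliberate mistakes.
make_sample_tree() {
    mkdir -p "$1/inbox" "$1/job_hunting" "$1/zoo/zebra"
    : > "$1/inbox/1"; : > "$1/inbox/2"; : > "$1/zoo/zebra/1"
    chmod 750 "$1" "$1/inbox" "$1/zoo"
    chmod 700 "$1/job_hunting"       # private folder, as in step 3
    chmod 755 "$1/zoo/zebra"         # mistake: others can list the folder
    chmod 640 "$1/inbox/1" "$1/zoo/zebra/1"
    chmod 644 "$1/inbox/2"           # mistake: world-readable message
}

# Demo on the constructed tree (sample data, not real mail).
demo=$(mktemp -d)
make_sample_tree "$demo"
mh_perm_audit "$demo" || echo "reset the modes of the paths listed above"
rm -rf "$demo"
```

To check a real mail tree, pass the MH directory to the function, for example the path printed by `mhpath +`.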
    

Here are three other ways to set protection. Use the examples above, but change the permission modes from 750 and 640, respectively, as shown below:



Last change $Date: 1996/06/06 15:14:17 $

This file is from the third edition of the book MH & xmh: Email for Users & Programmers, ISBN 1-56592-093-7, by Jerry Peek. Copyright © 1991, 1992, 1995 by O'Reilly & Associates, Inc. This file is freely-available; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. For more information, see the file copying.htm.

Suggestions are welcome: Jerry Peek <jpeek@jpeek.com>