[lug] fetchmail

D. Stimits stimits at idcomm.com
Tue Jul 3 14:37:45 MDT 2001


Ken Weinert wrote:
> 
> * D. Stimits (stimits at idcomm.com) [010703 19:50]:
> > similar problem, but only root runs wvdial anyway (or at least only root
> > has access to /etc/wvdial.conf, or else it argues about
> > running...fetchmail does not argue).
> 
>         Are you sure? When I run fetchmail with my .fetchmailrc being
> too permissive it complains and won't run:
> 
> File /home/kenw/.fetchmailrc must have no more than -rwx--x--- (0710)
> permissions.

The point here is that it is a non-root user. It is easier to find a way
around the permissions of a regular user than root. And in theory, root
user should be a bit more savvy about security in general. One of the
reasons for having a separate root is that it can be avoided for use
except when necessary...if a regular user does something wrong, it won't
hurt as much; it would be preferable to allow regular users to fetch
their mail, but not to make their mistakes so visible. It is a vague
general goal to keep something as important as the ISP pass secret
except from those who need to know, and for those who need to know, to
not be careless; if careless, to minimize the impact.

> 
>         This doesn't change the fact that the password is non-encrypted
> in the file - no disagreements there.
> 
>         One thing to keep in mind: for some reason when I switched to
> @home fetchmail could no longer determine what I had or had not already
> read/downloaded and got everything, every time. I had to switch to
> getmail which almost always works. I have had (in the past) certain
> messages that would cause getmail to fail, but I don't recall seeing
> that problem since the last time I upgraded.

I'm curious what your opinion of getmail is, relative to ease of use and
security?

D. Stimits, stimits at idcomm.com

> 
> --
> Ken Weinert   kenw at ihs.com 303-858-6956 (V) 303-705-4258 (F)
> GnuPG KeyID: 9274F1CE           GnuPG available at http://www.gnupg.org/
> GnuPG Key Fingerprint: 1D87 3720 BB77 4489 A928  79D6 F8EC DD76 9274 F1CE
> The major difference between a thing that might go wrong and a thing that
> cannot possibly go wrong is that when a thing that cannot possibly go wrong
> goes wrong it usually turns out to be impossible to get at or repair.
>                    from _Mostly Harmless_ by Douglas Adams
> 
>   ------------------------------------------------------------------------
>    Part 1.2Type: application/pgp-signature



More information about the LUG mailing list