Date: Mon, 28 Apr 2003 20:03:23 -0700 (PDT) From: David Babler <dbabler@rigel.orionsys.com> To: FreeBSD Questions List <freebsd-questions@freebsd.org> Cc: freebsd-ports@freebsd.org Subject: Cyrus-SASL + sendmail 8.12.9 + "group writable file" Message-ID: <20030428184857.V33294@rigel.orionsys.com>
next in thread | raw e-mail | index | archive | help
Basic problem: sendmail errors with permissions/ownerships on /usr/local/etc/sasldb Symptom: maillog entry "error: safesasl(/usr/local/etc/sasldb) failed: Group readable file" I'm getting pretty frustrated trying to find the secret handshake to make this work. Searches of the archives for this problem produce lots of hits, but few answers - and no answers that make this work. OS: FreeBSD 4.8-RC Sendmail: 8.12.9 /etc/make.conf SENDMAIL_CFLAGS+= -I/usr/local/include/sasl1 -DSASL SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl And a CVSUP and make world was recently done (and repeated today for good measure) after those options were set. Sendmail had also been built prior to that with those options with the last patched 8.12.8 following the CERT advisory. Installed Cyrus-SASL 1.5.28 from the ports collection. My sendmail.mc file contains (as per the ASMTP FAQ): define(`confRUN_AS_USER',`root:mail')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN')dnl And yes, the ODontBlameSendmail appears in the generated sendmail.cf file. As appears in the various archived times this question has come up, changing permissions and ownerships only move the error from group read errors to access denied errors. For ownerships of the database file, I've tried: cyrus:mail (as installed by the port) root:mail root:wheel smmsp:mail cyrus:smmsp both with and without group read permissions. In short, none of those permutations work. The truly weird part is that the DontBlameSendmail option is not being honored, and I have NO idea why not. -Dave
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030428184857.V33294>