From owner-freebsd-questions@FreeBSD.ORG Sun Jun 27 08:54:56 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6ED8416A4CE for ; Sun, 27 Jun 2004 08:54:56 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F19343D41 for ; Sun, 27 Jun 2004 08:54:56 +0000 (GMT) (envelope-from oliverfuchs@onlinehome.de) Received: from [212.227.126.155] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1BeVR9-0003OK-00 for freebsd-questions@freebsd.org; Sun, 27 Jun 2004 10:54:55 +0200 Received: from [217.1.218.211] (helo=oliverfuchs.ath.cx) (TLSv1:EDH-RSA-DES-CBC3-SHA:168) (Exim 3.35 #1) id 1BeVR6-0001kP-00 for freebsd-questions@freebsd.org; Sun, 27 Jun 2004 10:54:52 +0200 Received: from oliverfuchs.ath.cx (localhost [127.0.0.1]) i5R8sm6G006677verify=FAIL) for ; Sun, 27 Jun 2004 10:54:49 +0200 Received: (from oliverfuchs1@localhost) by oliverfuchs.ath.cx (8.12.3/8.12.3/Debian-6.6) id i5R8smhx006675 for freebsd-questions@freebsd.org; Sun, 27 Jun 2004 10:54:48 +0200 Date: Sun, 27 Jun 2004 10:54:48 +0200 From: Oliver Fuchs To: freebsd-questions@freebsd.org Message-ID: <20040627085447.GA6609@oliverfuchs.ath.cx> Mail-Followup-To: freebsd-questions@freebsd.org References: <200406260041.RAA20032@Hercules.ceosoft.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline In-Reply-To: <200406260041.RAA20032@Hercules.ceosoft.com> User-Agent: Mutt/1.4.2i X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:c2b2791553508cc938db2bcf18721a3c Subject: Re: Sendmail permission problems X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2004 08:54:56 -0000 On Fri, 25 Jun 2004, Jamie LaPointe wrote: > I am having problems with a Perl based application (Bugzilla 2.16.5) that > uses Sendmail. I recently upgraded from Sendmail version 8.9.3 to 8.12.10 > and am using FreeBSD 5.2.1-Release. I installed this version of Sendmail > from the Ports collection from the FreeBSD FTP site. Ever since I upgraded > to this new version I have been having the following problem when attempting > to send an email via Bugzilla (the following error is from the mailog): > > Jun 25 17:11:42 srv-linbsd01 sm-mta[539]: starting daemon (8.12.10): > SMTP+queuei > > ng@00:30:00 > > Jun 25 17:11:42 srv-linbsd01 sm-msp-queue[542]: starting daemon (8.12.10): > queue > > ing@00:30:00 > > Jun 25 17:11:42 srv-linbsd01 sm-msp-queue[547]: starting daemon (8.12.10): > queue > > ing@00:30:00 > > Jun 25 17:12:04 srv-linbsd01 sendmail[630]: i5Q0C4fA000630: SYSERR(apache): > coll > > ect: Cannot write ./dfi5Q0C4fA000630 (bfcommit, uid=1003, gid=25): > Permission de > > nied > > Jun 25 17:12:04 srv-linbsd01 sendmail[630]: i5Q0C4fA000630: from=apache, > size=46 > > 8, class=0, nrcpts=0, relay=apache@localhost > > Jun 25 17:12:04 srv-linbsd01 sendmail[630]: i5Q0C4fA000630: i5Q0C4fB000630: > DSN: > > collect: Cannot write ./dfi5Q0C4fA000630 (bfcommit, uid=1003, gid=25): > Permissi > > on denied > > Jun 25 17:12:04 srv-linbsd01 sendmail[630]: i5Q0C4fB000630: SYSERR(apache): > queu > > eup: cannot create queue file ./qfi5Q0C4fB000630, euid=1003: Permission > denied > > Jun 25 17:12:04 srv-linbsd01 sendmail[631]: i5Q0C4K8000631: SYSERR(apache): > coll > > ect: Cannot write ./dfi5Q0C4K8000631 (bfcommit, uid=1003, gid=25): > Permission de > > nied > > Jun 25 17:12:04 srv-linbsd01 sendmail[631]: i5Q0C4K8000631: from=apache, > size=45 > > 9, class=0, nrcpts=0, relay=apache@localhost > > Jun 25 17:12:04 srv-linbsd01 sendmail[631]: i5Q0C4K8000631: i5Q0C4K9000631: > DSN: > > collect: Cannot write ./dfi5Q0C4K8000631 (bfcommit, uid=1003, gid=25): > Permissi > > on denied > > Jun 25 17:12:04 srv-linbsd01 sendmail[631]: i5Q0C4K9000631: SYSERR(apache): > queu > > eup: cannot create queue file ./qfi5Q0C4K9000631, euid=1003: Permission > denied > > > > It sure appears that something is screwed up with Permissions, yet > /var/spool/clientmqueue has the following permission: > > -bash-2.05b# ls -l > > total 32 > > drwxrwx--- 2 smmsp smmsp 512 Jun 25 12:09 clientmqueue > > drwxr-xr-x 3 root daemon 512 Apr 6 08:53 cups > > drwxrwxr-x 2 uucp dialer 512 Jun 25 17:11 lock > > drwxr-xr-x 2 root daemon 512 Feb 23 12:41 lpd > > drwxr-xr-x 3 root daemon 16384 Jun 25 15:17 mqueue > > drwx------ 2 root daemon 512 Feb 23 12:41 opielocks > > drwxr-xr-x 3 root daemon 512 Feb 23 12:41 output > > drwxr-xr-x 15 root wheel 512 Jun 25 11:48 postfix > > drwxrwxrwt 2 root wheel 512 Apr 6 08:53 samba > > > > >From everything that I have read this is correct. I also checked the > permission for the sendmail binary and it has the following permission: > > -bash-2.05b# ls -l /usr/libexec/sendmail/sendmail > > -r-xr-sr-x 1 root smmsp 635864 Feb 23 12:42 sendmail A look at SECURITY doc in /usr/local/share/doc/sendmail gives me: -r-xr-sr-x root smmsp ... /PATH/TO/sendmail drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue drwx------ root wheel ... /var/spool/mqueue -r--r--r-- root wheel ... /etc/mail/sendmail.cf -r--r--r-- root wheel ... /etc/mail/submit.cf Oliver -- ... don't touch the bang bang fruit