On Thu, Oct 07, 1999 at 01:44:43PM -0500, Fred Terry wrote:
Oct 7 12:13:00 solen.gac.edu sendmail[8776]: MAA08776: forward
/Net/solen/home/g/u/guenther/.forward: Group writable directory
Yep, I'm getting one of those lines for each .forward rule in the
Sendmail.cf file:
O ForwardPath=$z/.forward:$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w
But I haven't been able to determine which directory it's
complaining about. The permissions are
-rw-r--r-- 1 pfterry staff 44 Oct 7 09:14 .forward
drwxr-xr-x 33 pfterry other 3072 Oct 7 09:13 ./
drwxr-xr-x 2 pfterry staff 512 Oct 6 22:29 .procmail/
The mail gets delivered to my mailbox without any filtering.
Looks like I'm running Sendmail 8.7 on a Solaris 2.7 Ultra.
At this point, I know the answer is going to become so
obvious that my forehead will have a large, red hand print.
This is a security feature, among many similar ones added in more
recent versions of sendmail.
If you don't want to change the group-writable state of whatever is
causing the error, just use the DontBlameSendmail option in your
sendmail.cf, or confDONT_BLAME_SENDMAIL in your .mc.
The options for dontblamesendmail (seperated by commas) out of the
sendmail documentation are:
Safe No special handling.
AssumeSafeChown
Assume that the chown system call is
restricted to root. Since some versions of
Unix permit regular users to give away their
files to other users on some filesystems,
sendmail often cannot assume that a given file
was created by the owner, particularly when it
is in a writable directory. You can set this
flag if you know that file giveaway is
restricted on your system.
ClassFileInUnsafeDirPath
When reading class files (using the F line in
the configuration file), allow files that are
in unsafe directories.
ErrorHeaderInUnsafeDirPath
Allow the file named in the ErrorHeader option
to be in an unsafe directory.
GroupWritableDirPathSafe
Change the definition of "unsafe directory" to
consider group-writable directories to be
safe. World-writable directories are always
unsafe.
GroupWritableForwardFileSafe
Accept group-writable .forward files.
GroupWritableIncludeFileSafe
Accept group-writable :include: files.
GroupWritableAliasFile
Allow group-writable alias files.
HelpFileInUnsafeDirPath
Allow the file named in the HelpFile option to
be in an unsafe directory.
WorldWritableAliasFile
Accept world-writable alias files.
ForwardFileInGroupWritableDirPath
Allow .forward files in group writable direc-
tories.
IncludeFileInGroupWritableDirPath
Allow :include: files in group writable direc-
tories.
ForwardFileInUnsafeDirPath
Allow .forward files in unsafe directories.
IncludeFileInUnsafeDirPath
Allow :include: files in unsafe directories.
ForwardFileInUnsafeDirPathSafe
Allow a .forward file that is in an unsafe
directory to include references to program and
files.
IncludeFileInUnsafeDirPathSafe
Allow a :include: file that is in an unsafe
directory to include references to program and
files.
MapInUnsafeDirPath
Allow maps (e.g., hash, btree, and dbm files)
in unsafe directories.
LinkedAliasFileInWritableDir
Allow an alias file that is a link in a
writable directory.
LinkedClassFileInWritableDir
Allow class files that are links in writable
directories.
LinkedForwardFileInWritableDir
Allow .forward files that are links in
writable directories.
LinkedIncludeFileInWritableDir
Allow :include: files that are links in
writable directories.
LinkedMapInWritableDir
Allow map files that are links in writable
directories.
LinkedServiceSwitchFileInWritableDir
Allow the service switch file to be a link
even if the directory is writable.
FileDeliveryToHardLink
Allow delivery to files that are hard links.
FileDeliveryToSymLink
Allow delivery to files that are symbolic
links.
RunProgramInUnsafeDirPath
Go ahead and run programs that are in writable
directories.
RunWritableProgram
Go ahead and run programs that are group- or
world-writable.
WriteMapToHardLink
Allow writes to maps that are hard links.
WriteMapToSymLink
Allow writes to maps that are symbolic links.
WriteStatsToHardLink
Allow the status file to be a hard link.
WriteStatsToSymLink
Allow the status file to be a symbolic link.
--
Elie Rosenblum That is not dead which can eternal lie,
http://www.cosanostra.net And with strange aeons even death may die.
Admin / Mercenary / System Programmer - _The Necronomicon_