procmail

Re: Insufficient Permissions with local accounts

2001-01-17 10:36:12
On 16 Jan, Nenad Steric wrote:
| Hi,
| Stop / Start sendmail didn't help.
| During the last days I also did already try "kill -SIGHUP sendmail-pid"
| 
| Here are the outputs :
| 
| > ls -ld /var /var/spool /var/spool/mail /var/spool/mail/hareter
| drwxr-xr-x  23 root     root         4096 Dec 30  1999 /var
| drwxr-xr-x  20 root     root         4096 Dec 31  1999 /var/spool
| drwxrwxrwt   3 root     root         4096 Jan 17 00:02 /var/spool/mail
| -rw-------   1 hareter  users      249599 Jan 16 21:35 /var/spool/mail/hareter
| -rw-------   1 adabas   users       17319 Jan 16 13:21 /var/spool/mail/adabas
| 
| Here is another funny thing: as adabas I can't read emails for adabas
| elm says : "Can't open folder '/var/spool/mail/adabas' for reading!  "
| (long time ago we used Adabas as our DB, but I still use this account a lot, and would need the emails)
| 
| 
| > ls -ld /usr /usr/bin /usr/bin/procmail  # if that's where your procmail is
| drwxr-xr-x  28 root     root         4096 Dec 30  1999 /usr
| drwxr-xr-x   3 root     root        24576 Dec 30  1999 /usr/bin
| -rwxr-xr-x   1 root     root        65044 Nov  8  1999 /usr/bin/procmail    

As Collin noted, these look ok. But I have one thought that's such a
long-shot it's probably laughable. Might the permissions on the root (/)
directory have been changed by accident?  It could explain user adabas
being unable to read the mail spool when all other permissions appear
correct. It's a stretch because a whole lot of other problems would be
evident if this happened. But *if* this is a dedicated mail server, and
*if* sendmail is still suid root when it delivers mail (i.e. probably an
older sendmail), it might *possibly* explain all the circumstances.

| > ps -fp `head -1 /var/run/sendmail.pid`
| UID        PID  PPID  C STIME TTY          TIME CMD
| root     20560     1  0 00:00 ?        00:00:00 sendmail: accepting connections
| 
| [...]

And of course it would still be possible to read this file, even under
the scenario above, if you were doing it as root.

Just a shot in the dark.

Don Hammond



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
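
Added example, not part of the original message: a small POSIX shell check that walks every directory from / down to a mailbox and reports any that lack the search (x) bit for "other", which is the condition the reply suspects on /. The function names are hypothetical, and it assumes the user is neither owner nor group member of those directories, as with the root:root directories in the listing above.

```sh
#!/bin/sh
# Report each ancestor directory of a file that users in the "other"
# class cannot search, starting at / itself. A single such directory
# makes the file unreachable even when its own mode looks correct.

# other_can_search DIR: succeeds if the 10th character of the ls mode
# string (the "other execute" slot) is x or t.
other_can_search() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        d????????[xt]) return 0 ;;  # x = searchable, t = searchable + sticky
        *)             return 1 ;;  # - or T = not searchable, or not a directory
    esac
}

# blocked_ancestors /abs/path/to/file: prints one blocking directory per
# line, top-down. Returns 2 if the path is not absolute.
blocked_ancestors() {
    case "$1" in
        /*) ;;
        *)  echo "need an absolute path" >&2; return 2 ;;
    esac
    dir=$(dirname "$1")
    list=
    # Collect the chain bottom-up, prepending so that / ends up first.
    while :; do
        list="$dir
$list"
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    printf '%s' "$list" | while IFS= read -r d; do
        [ -n "$d" ] || continue
        other_can_search "$d" || printf '%s\n' "$d"
    done
}

# Usage: sh check.sh /var/spool/mail/adabas
[ "$#" -eq 0 ] || blocked_ancestors "$1"
```

The check reads mode bits only, so it gives the same answer when run as root, who could open the file regardless.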