procmail

can't write to queue

2003-05-25 16:40:10
Hello y'all,

I've been setting up a new system with the latest sendmail and procmail and
having a little issue with writing to the client mail queue.

I run sendmail 8.12.9 with the new config which uses two separate mail
queues, and I also run sendmail as two separate binaries with different
permissions.
I have one sendmail binary as smtpd with permissions of ---s------ and owned
by root and group system which runs as the smtp daemon and it works fine (so
far).
I also have another sendmail binary as sendmail with permissions of
---x--s--x and owned by root and group smmsp which is also run in the
background as the client queue runner.
The client queue is owned by user smmsp and group smmsp with permissions of
drwxrwx--T (I set the sticky bit too).

The problem is that when procmail has a recipe with a ! to some address, I
get an error in the mail log that says:

can not write to queue directory /var/spool/cmqueue/ (RunAsGid=0,
 required=28): Permission denied

The group smmsp is id 28.

Is this error from procmail or sendmail?
I tried (just in case) to make the procmail binary group owned by smmsp and
gave it a set gid bit, and that didn't help it.

So I'm assuming it's the sendmail binary having trouble, since I can't see
procmail trying to write anything into the sendmail client queue anyway. The
thing is, I do have the sendmail binary with a set gid and group owned by
smmsp, so where's the holdup???

I had a similar issue early on with php running with apache, which runs under
user/group id of httpd and the php mail function was causing the same type
of error about the gid. I fixed this (for now) by adding an acl to the
client queue folder which gives an extra write access to the httpd user and
that lets it work properly (doesn't make any sense to me, why?).

I would think that the sendmail binary with its group ownership of smmsp and
its set gid bit turned on should be the one doing the writing to the client
queue and it shouldn't have any trouble because it should run setgid smmsp
on that queue folder group owned by smmsp which allows write access to
smmsp.

This makes it look like the setgid bit on the sendmail binary isn't doing
what it's supposed to.

So what's the problem? How do I fix this?

-- 
Didier Godefroy
mailto:dg(_at_)ulysium(_dot_)net


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
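
Added example, not part of the original post: a small Python check that decodes the ls-style mode strings quoted above and compares them with the gid fields in the logged error. It takes the RunAsGid and required values in the log line at face value; the function names and the joined single-line form of the log message are assumptions made for this example.

```python
import re
import stat

# Constructed sample input: values quoted in the post above.
SUBMIT_BINARY_MODE = "---x--s--x"   # sendmail binary, group smmsp
QUEUE_DIR_MODE = "drwxrwx--T"       # client queue, smmsp:smmsp
LOG_LINE = ("can not write to queue directory /var/spool/cmqueue/ "
            "(RunAsGid=0, required=28): Permission denied")

# Execute slots that can carry a special bit: index -> (bit, letters)
SPECIAL = {2: (stat.S_ISUID, "sS"), 5: (stat.S_ISGID, "sS"),
           8: (stat.S_ISVTX, "tT")}

def parse_mode(text):
    """Turn an ls-style mode string into numeric permission bits."""
    if len(text) != 10:
        raise ValueError(f"expected 10 characters: {text!r}")
    mode = 0
    for i, ch in enumerate(text[1:]):
        bit = 0o400 >> i
        if i in SPECIAL and ch in SPECIAL[i][1]:
            mode |= SPECIAL[i][0]
            if ch.islower():        # lowercase s/t: execute bit is set too
                mode |= bit
        elif ch == "rwx"[i % 3]:
            mode |= bit
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} at position {i + 1}")
    return mode

def parse_queue_error(line):
    """Extract path and gids from the 'can not write to queue' message."""
    m = re.search(r"can not write to queue directory (\S+) "
                  r"\(RunAsGid=(\d+), required=(\d+)\)", line)
    if m is None:
        return None
    return {"path": m.group(1), "run_as_gid": int(m.group(2)),
            "required_gid": int(m.group(3))}

def summarize(binary_mode, queue_mode, line):
    """Compare what the modes permit with what the log line reports."""
    err = parse_queue_error(line)
    if err is None:
        raise ValueError("not a queue-directory write error")
    return {
        "binary_setgid": bool(parse_mode(binary_mode) & stat.S_ISGID),
        "queue_group_writable": bool(parse_mode(queue_mode) & stat.S_IWGRP),
        "gid_matches_queue": err["run_as_gid"] == err["required_gid"],
    }

if __name__ == "__main__":
    print(summarize(SUBMIT_BINARY_MODE, QUEUE_DIR_MODE, LOG_LINE))
```

For the values in the post, the modes show the setgid bit set and the queue group-writable, while the logged gid (0) differs from the queue directory's group (28).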
