procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Permission problem

2004-02-25 11:13:42
from [Professional Software Engineering] [Permanent Link] 
At 10:49 2004-02-25 -0600, David Bourne wrote:
Feb 25 09:59:09 localhost sendmail[5750]: i1PFx85J005748: Warning: program /usr/bin/procmail unsafe: Group writable directory
Follow the link in my .sig, grab the procdiag script from there. Read the script, then when you're comfortable that it isn't set up to hose you, invoke it on your system (as user). 

This should generally point out most of the permissions issues you might have.
There is the possibility that your system is configured for "GROUP PER USER", where if you're user "foo", your primary group is "foo" (and you're the ONLY user in that group). In this case, your dirs are generally set group writeable, but if the procmail isn't compiled to know that this is how your system is set up, then it'll complain. If this is the case, you should recompile procmail with GROUP_PER_USER defined in config.h (as documented in the HISTORY file). 


in my mail.log (See below, this may not have started yesterday)
It wouldn't be a bad idea to verify when it started by checking past logfiles. If you're purging logfiles on a daily basis, you're setting yourself up for all sorts of secutiry and administration problems. On my hosts, I archive them INDEFINATLEY (not on the host itself, but they're maintained in accessible archives). 


[/private/etc] usern% ls -al pr*
-rw-r--r--  1 root  wheel  1786 Feb  4 19:31 procmailrc
/etc/ and /usr/local/etc/ I know about, but /private/etc/ is a new one on me. Looks like OSX is redefining a lot of stuff. 


[ma1:~] usern% ls -l /usr/bin/procmail
-rwxr-xr-x  1 root  wheel  83112 Sep 23 09:21 /usr/bin/procmail
I note your procmail isn't suid root, meaning it's a bit less capable as an LDA (unless your MTA is already running as root, and current sendmail configs certainly shouldn't be). 

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Virus scanning and defense-in-depth (was Re: tips on writing/etc/procmailrc so that it can be run as 'root' or as a user?), Tim Rice
Next by Date:  Re: counting message size from two different relays, Professional Software Engineering
Previous by Thread:  Permission problem, David Bourne
Next by Thread:  Re: Permission problem, LuKreme
Indexes:  [Date] [Thread] [Top] [All Lists]