Mailinglist Archive: opensuse-security (601 mails)

Mail permissions for local users?
  • From: Andrew Hougie <andrew@xxxxxxxxxxxx>
  • Date: Fri, 11 Aug 2000 08:02:06 +0100
  • Message-id: <f287pssgs8frr1fg5k5b2pq1k78ju8bcjb@xxxxxxx>
I think this qualifies as a security issue because the only other solution
I have would be to open up permissions completely and I don't know which I
can safely do.

I am running SuSE 6.2 and I have Marc's firewall script version 2.5
running.

When trying to send mail from pine as a user from the linux machine, I got
an "insufficient permission" message which I resolved by chmod 777
/var/spool/mqueue. I now get reminders of this "warning world writable".

Trying to send mail from one local user to another still fails. The
following entries are generated in /var/log/mail:


Aug 11 07:41:23 celebrity procmail[26474]: Insufficient privileges to deliver to "debbie"
Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: to=<debbie@xxxxxxxxxxxxxxxxxxxxx>, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission
Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAA26473: DSN: Insufficient permission
Aug 11 07:41:23 celebrity sendmail[26473]: HAA26473: to=andrew, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAB26473: postmaster notify : Insufficient permission
Aug 11 07:41:23 celebrity procmail[26476]: Insufficient privileges to deliver to "root"
Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission
Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: HAC26473: return to sender: Insufficient permission
Aug 11 07:41:23 celebrity procmail[26477]: Insufficient privileges to deliver to "root"
Aug 11 07:41:23 celebrity sendmail[26473]: HAC26473: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission
Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: Saved message in /usr/tmp/dead.letter

Permissions in /var/spool are:
drwxrwxrwt 2 root root 1024 Aug 11 07:43 mail
drwxrwxrwx 2 root root 2048 Aug 11 07:41 mqueue

> ls -l /usr/sbin/sendmail
-r-xr-xr-x 1 root root 383232 Aug 22 1999 /usr/sbin/sendmail

> ls -l /usr/bin/procmail
-rwxr-xr-x 1 root root 65428 Dec 7 1999 /usr/bin/procmail

Extracts from my sendmail.mc file
include(`/usr/share/sendmail/m4/cf.m4')
OSTYPE(`linux')dnl
define(`STATUS_FILE', `/var/log/sendmail.st')dnl
define(`confDEF_USER_ID', `daemon:daemon')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`confCOPY_ERRORS_TO', `Postmaster')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confTRUSTED_USERS', `mdom wwwrun')dnl
define(`MASQUERADE_AS', `grinton.net')dnl
FEATURE(`limited_masquerade')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`local_procmail')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
MAILER(`local')dnl
MAILER(`procmail')dnl
MAILER(`smtp')dnl
MAILER(`uucp')dnl
MAILER(`bsmtp')dnl
MAILER(`fido')dnl
define(`confCW_FILE', `/etc/mail/sendmail.cw')dnl
FEATURE(use_cw_file)dnl
MASQUERADE_DOMAIN(grinton.net)

--
Andrew Hougie, Grinton, Aldenham Grove, Radlett,
Hertfordshire, England, WD7 7BW
Email: andrew@xxxxxxxxxxxx WWW: http://www.hougie.co.uk
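
Added example, not part of the original post: a Python check over the four `ls -l` lines quoted in the message that flags world-writable entries lacking the sticky bit and delivery binaries without the setuid bit. Treating sendmail and procmail as expected to be setuid is an assumption made for this illustration, and the names `POSTED`, `EXPECT_SETUID`, `parse_mode` and `audit` are hypothetical.

```python
import stat

# The four `ls -l` lines from the post; the directory names are written as
# full paths under /var/spool so each entry can be matched by path.
POSTED = """\
drwxrwxrwt 2 root root 1024 Aug 11 07:43 /var/spool/mail
drwxrwxrwx 2 root root 2048 Aug 11 07:41 /var/spool/mqueue
-r-xr-xr-x 1 root root 383232 Aug 22 1999 /usr/sbin/sendmail
-rwxr-xr-x 1 root root 65428 Dec 7 1999 /usr/bin/procmail
"""

# Assumption for this example: these binaries must run as root to write
# into another user's mailbox, so a missing setuid bit is reported.
EXPECT_SETUID = {"/usr/sbin/sendmail", "/usr/bin/procmail"}

_RWX = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
        stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
        stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
_SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def parse_mode(sym):
    """Convert an ls mode string such as 'drwxrwxrwt' to permission bits."""
    bits = 0
    for i, ch in enumerate(sym[1:10]):
        if ch in "rwx":
            bits |= _RWX[i]
        elif ch in "st":          # special bit set, execute set
            bits |= _RWX[i] | _SPECIAL[i]
        elif ch in "ST":          # special bit set, execute clear
            bits |= _SPECIAL[i]
    return bits


def audit(listing):
    """Return (path, finding) pairs for risky or unexpected modes."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        sym, path = fields[0], fields[-1]
        mode = parse_mode(sym)
        sticky_dir = sym[0] == "d" and mode & stat.S_ISVTX
        if mode & stat.S_IWOTH and not sticky_dir:
            findings.append((path, "world-writable"))
        if path in EXPECT_SETUID and not mode & stat.S_ISUID:
            findings.append((path, "setuid bit not set"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(POSTED):
        print(f"{path}: {finding}")
```

The sticky bit on /var/spool/mail is why that directory is not reported even though it is world-writable.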
