[rt-users] qmail suid issue
jaime at snowmoon.com
Mon Sep 17 06:29:16 EDT 2001
On Mon, 17 Sep 2001, Harald Wagener wrote:
> It's always helpful to include which distribution your Linux
> installation is based on (if it's Linux - could be Solaris or BSD as
> well, which would mean others could be more of help than me).
zeus:jkikpole>uname -a
FreeBSD zeus.cairodurham.org 4.4-STABLE FreeBSD 4.4-STABLE #2: Fri Sep 14 17:12:19 EDT 2001
jkikpole at zeus.cairodurham.org:/usr/obj/usr/src/sys/ZEUS i386
> Anyway, it seems that your sperl does have the sgid bit set, but not
> the suid bit. You can change this by issuing the command
>
> chmod u+s /usr/bin/sperl*
>
> After that, things should be up and running (bar any other errors).
I noticed that it started with mode 0511. According to a search
of the FreeBSD mailing list archives, this was by design but it wasn't
clear why it was done. Security issues, I imagine.
I've tried changing the modes to 2511, 4511, and 6511. Each of
them generated errors, though 6511 was different than the others. The
/var/log/maillog file shows the following when I try to use mode 6511:
Sep 17 06:25:18 zeus qmail: 1000722318.388007 new msg 127072
Sep 17 06:25:18 zeus qmail: 1000722318.388728 info msg 127072: bytes 556 from <jkikpole at cairodurham.org> qp 15519 uid 82
Sep 17 06:25:18 zeus qmail: 1000722318.587631 starting delivery 2169: msg 127072 to local rt at cairodurham.org
Sep 17 06:25:18 zeus qmail: 1000722318.588554 status: local 1/10 remote 0/20
Sep 17 06:25:22 zeus qmail: 1000722322.258324 delivery 2169: deferral: Can't_write_to_'/var/log/rt2/rt.log.15524.1162':_Permission_denied_at_/usr/local/lib/perl5/site_perl/5.005/Log/Dispatch/File.pm_line_69./
Sep 17 06:25:22 zeus qmail: 1000722322.259643 status: local 0/10 remote 0/20
....and ls -l /var/log shows:
drwx------ 2 nobody nobody 512 Sep 16 22:51 rt2
Unfortunately, this looks like I need to change the mode of
/var/log/rt2 to something that qmail likes. I say "unfortunately" because
I had to change the ownership to nobody in order to get the web GUI to
work.
Am I missing something really obvious? Maybe a chown/chgrp/chmod
combination for /var/log/rt2 that would work?
Jaime
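
Added example (not part of the original message or of RT): a small Python check of why the posted mode drwx------ owned by nobody yields the "Permission denied" deferral for any delivery account other than nobody, and how a group-writable mode changes the result. The delivery account name rtmail and the group rt are hypothetical; the post does not say which user the delivery runs as.

```python
from typing import NamedTuple, Set

class DirEntry(NamedTuple):
    mode: str    # ls -l mode string, e.g. "drwx------"
    owner: str
    group: str
    name: str

def parse_ls_line(line: str) -> DirEntry:
    """Split one `ls -l` line into the fields the permission check needs."""
    fields = line.split()
    if len(fields) < 9 or len(fields[0]) < 10:
        raise ValueError(f"not an ls -l line: {line!r}")
    return DirEntry(fields[0][:10], fields[2], fields[3], fields[8])

def can_create_in(entry: DirEntry, user: str, groups: Set[str]) -> bool:
    """True if this identity may create a file in the directory.

    Exactly one permission class applies: owner if the user owns the
    directory, else group if the user is in its group, else other.
    Creating a file needs write plus search (x) in that class.
    Superuser bypass and ACLs are not modelled.
    """
    if user == entry.owner:
        bits = entry.mode[1:4]
    elif entry.group in groups:
        bits = entry.mode[4:7]
    else:
        bits = entry.mode[7:10]
    return bits[1] == "w" and bits[2] in ("x", "s", "t")

# Identities: "nobody" for the web GUI is from the post; the delivery
# account "rtmail" and the shared group "rt" are hypothetical.
WEB = ("nobody", {"nobody", "rt"})
DELIVERY = ("rtmail", {"rtmail", "rt"})

AS_POSTED = "drwx------ 2 nobody nobody 512 Sep 16 22:51 rt2"  # from the post
SHARED = "drwxrwx--- 2 nobody rt 512 Sep 16 22:51 rt2"         # constructed

def compare(line: str) -> dict:
    """Report whether each identity could create a log file in the directory."""
    entry = parse_ls_line(line)
    return {"web": can_create_in(entry, *WEB),
            "delivery": can_create_in(entry, *DELIVERY)}

if __name__ == "__main__":
    for label, line in (("as posted", AS_POSTED), ("shared group", SHARED)):
        print(label, compare(line))
```

Because only one permission class is consulted, the owner's triplet decides for nobody even when the group triplet is more permissive.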