[rt-users] qmail suid issue

jaime at snowmoon.com
Mon Sep 17 06:29:16 EDT 2001


On Mon, 17 Sep 2001, Harald Wagener wrote:
> It's always helpful to include which distribution your Linux
> installation is based on (if it's Linux - could be Solaris or BSD as
> well, which would mean others could be more of help than me).

zeus:jkikpole>uname -a
FreeBSD zeus.cairodurham.org 4.4-STABLE FreeBSD 4.4-STABLE #2: Fri Sep 14 17:12:19 EDT 2001
jkikpole at zeus.cairodurham.org:/usr/obj/usr/src/sys/ZEUS  i386


> Anyway, it seems that your sperl does have the sgid bit set, but not
> the suid bit. You can change this by issuing the command
> 
> chmod u+s /usr/bin/sperl*
> 
> After that, things should be up and running (bar any other errors).

	I noticed that it started with mode 0511.  According to a search
of the FreeBSD mailing list archives, this was by design but it wasn't
clear why it was done.  Security issues, I imagine.

	I've tried changing the modes to 2511, 4511, and 6511.  Each of
them generated errors, though 6511 was different than the others.  The
/var/log/maillog file shows the following when I try to use mode 6511:

Sep 17 06:25:18 zeus qmail: 1000722318.388007 new msg 127072
Sep 17 06:25:18 zeus qmail: 1000722318.388728 info msg 127072: bytes 556 from <jkikpole at cairodurham.org> qp 15519 uid 82
Sep 17 06:25:18 zeus qmail: 1000722318.587631 starting delivery 2169: msg 127072 to local rt at cairodurham.org
Sep 17 06:25:18 zeus qmail: 1000722318.588554 status: local 1/10 remote 0/20
Sep 17 06:25:22 zeus qmail: 1000722322.258324 delivery 2169: deferral: Can't_write_to_'/var/log/rt2/rt.log.15524.1162':_Permission_denied_at_/usr/local/lib/perl5/site_perl/5.005/Log/Dispatch/File.pm_line_69./
Sep 17 06:25:22 zeus qmail: 1000722322.259643 status: local 0/10 remote 0/20

	....and ls -l /var/log shows:
drwx------  2 nobody  nobody       512 Sep 16 22:51 rt2

	Unfortunately, this looks like I need to change the mode of
/var/log/rt2 to something that qmail likes.  I say "unfortunately" because
I had to change the ownership to nobody in order to get the web GUI to
work.

	Am I missing something really obvious?  Maybe a chown/chgrp/chmod
combination for /var/log/rt2 that would work?

							Jaime
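
Added example (not part of the original post): a small Python model of the POSIX directory-permission check behind the "Permission denied" deferral above, applied to the `ls -l` line from the message. The mail gateway identity (`rtmail`, group `rt`) and the alternative mode 2770 with group `rt` are assumptions for illustration; the post does not say which user or group the delivery runs as.

```python
import stat

# Copied from the post: the `ls -l /var/log` entry for the RT log directory.
LS_LINE = "drwx------  2 nobody  nobody       512 Sep 16 22:51 rt2"

# Assumed effective identities (user, groups). The post only says the web GUI
# needed owner "nobody"; "rtmail" and group "rt" are hypothetical stand-ins
# for whatever the setuid/setgid mail gateway ends up running as.
IDENTITIES = {
    "web_gui": ("nobody", {"nobody"}),
    "mail_gateway": ("rtmail", {"rt"}),
}

def parse_ls(line):
    """Return (permission string, owner, group) from one `ls -l` line."""
    perms, _links, owner, group = line.split()[:4]
    return perms, owner, group

def can_create_files(perms, owner, group, euser, egroups):
    """Creating a file needs write and search (x) on the directory, taken
    from exactly one class chosen in the order owner, group, other.
    Superuser and ACLs are not modelled."""
    if euser == owner:
        bits = perms[1:4]
    elif group in egroups:
        bits = perms[4:7]
    else:
        bits = perms[7:10]
    # 's' and 't' mean x plus setgid/sticky; 'S' and 'T' mean the bit without x.
    return bits[1] == "w" and bits[2] in ("x", "s", "t")

def who_can_log(perms, owner, group, identities=IDENTITIES):
    """Map each identity name to whether it could create rt.log.* files."""
    return {name: can_create_files(perms, owner, group, user, groups)
            for name, (user, groups) in identities.items()}

def as_listed():
    """The directory exactly as shown in the post."""
    return who_can_log(*parse_ls(LS_LINE))

def shared_group(mode=0o2770, owner="nobody", group="rt"):
    """Assumed alternative: group-writable, setgid directory, no 'other' access."""
    return who_can_log(stat.filemode(stat.S_IFDIR | mode), owner, group)

if __name__ == "__main__":
    print("as listed     :", as_listed())
    print("2770 nobody:rt:", shared_group())
```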
