[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vps-mail] On the subject of permissions, mail & SA

Subject: [vps-mail] On the subject of permissions, mail & SA
From: "mell.net" <providertalk.lists@xxxxxxxx>
Date: Sun, 4 Apr 2004 18:26:12 +0100

In the Bayes discussion, Scott noted that one should not have to open up
permissions (ie chmod 777) .

I have spamd running with procmail and sendmail. The maillog below shows
the result of an attempt to write to /var/log/procmail.log when
permissions are as standard for procmail.log (ie. 600)

The only way I can get it to work just now is to chmod 666 procmail.log
(606 might work, the point being it requires world permissions, I assume
because it is running as userid?), but I don't like the 'world' being
able to write. Any suggestions? (It has occurred to me I don't really
understand the DROPPRIVS function - can the answer lie there somewhere?)

Apr  3 23:01:25 dommainame spamd[97079]: info: setuid to domainname
succeeded Apr  3 23:01:26 dommainame spamd[97079]: processing message
<000c01c419cf$e0901480$697ba8c0@MOTHER> for domainname:1002. Apr  3
23:01:26 dommainame spamd[97079]: clean message (-96.0/1.0) for
dommainame:1002 in 1.0 seconds, 957 bytes.
>>>Apr  3 23:01:26 dommainame procmail[97076]: Error while writing to
>>>"/var/log/procmail.log"
Apr  3 23:01:26 dommainame spamd[91471]: got connection over
/var/run/spamd.sock Apr  3 23:01:26 dommainame spamd[97082]: info:
setuid to dommainame succeeded Apr  3 23:01:26 dommainame spamd[97082]:
processing message <000c01c419cf$e0901480$697ba8c0@MOTHER> for
dommainame:1002. Apr  3 23:01:26 dommainame spamd[97082]: clean message
(-96.0/1.0) for dommainame:1002 in 0.0 seconds, 1168 bytes. Apr  3
23:01:26 dommainame procmail[97076]: Error while writing to
"/var/log/procmail.log" Apr  3 23:01:26 dommainame sm-mta[97073]:
i33N1P4o097071: to=dommainame , delay=00:00:01, xdelay=00:00:01,
mailer=local, pri=30866, relay=local, dsn=2.0.0, stat=Sent


My /var/log dir has wide open permissions too - is this correct, surely
not?
drwxrwxrwx   2 root    wheel  1024 Apr  3 00:00 log

procmail.log looks like this currently:
-rw-rw-rw-   1 root        wheel  14463 Apr  3 23:01 procmail.log

...and procmailrc is like this:
_______________________________________________________________
VERBOSE=yes
LOGABSTRACT=yes
LOGFILE=/var/log/procmail.log
COMSAT=no

## begin spamassassin vinstall (do not remove these comments)
TMPLOGFILE=$LOGFILE
TMPLOGABSTRACT=$LOGABSTRACT
MPVERBOSE=$VERBOSE

DROPPRIVS=yes
LOGFILE=/dev/null
LOGABSTRACT=yes
VERBOSE=no

:0fw
|/usr/local/bin/spamc -U /var/run/spamd.sock

LOGFILE=$TMPLOGFILE
LOGABSTRACT=$TMPLOGABSTRACT
VERBOSE=$TMPVERBOSE
## end spamassassin vinstall (do not remove these comments)
_______________________________________________________________


======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

Follow-Ups:
- Re: [vps-mail] On the subject of permissions, mail & SA
  - From: Scott Wiersdorf

Prev by Date: RE: [vps-mail] Editable .procmailrc or blacklist
Next by Date: RE: [vps-mail] Editable .procmailrc or blacklist
Previous by thread: RE: [vps-mail] Editable .procmailrc or blacklist
Next by thread: Re: [vps-mail] On the subject of permissions, mail & SA
Index(es):
- Date
- Thread

Main Index | Thread Index