HPE Community
Operating System - HP-UX
1752577 Members
4982 Online
108788 Solutions
New Discussion юеВ

About sendmail sm_io_flush||sm_io_error

 
Livia
Advisor

тАО07-01-2008 06:22 PM

тАО07-01-2008 06:22 PM

About sendmail sm_io_flush||sm_io_error

I just upgrade my sendmail from 8.12.8 to 8.13.3.
(and forget to backup my sendmail.cf)
Then, EVERYONE cannot send mail except root.
The error message is (when I use user "lilia"):

collect: Cannot write ./dfm622C5uU025868 (bfcommit, uid=105, gid=6): Permission denied
queueup: cannot create queue file ./qfm622C5uU025868, euid=105, fd=-1, fp=0x0: Permission denied

I think it is because user "lilia" cannot write queue into /var/spool/mqueue

/var/spool# ls -la
drwxr-xr-x 2 root mail 8192 Jul 2 10:00 mqueue

But I do not know if I should chmod 777 /var/spool/mqueue or there is other way to config the sendmail.

Does anyone have any good ideas?
0 Kudos
Reply
4 REPLIES 4
Dennis Handly
Acclaimed Contributor

тАО07-01-2008 07:44 PM

тАО07-01-2008 07:44 PM

Re: About sendmail sm_io_flush||sm_io_error

What are the permissions for sendmail itself? I would just about have to be setuid.
0 Kudos
Reply
Livia
Advisor

тАО07-02-2008 10:16 PM

тАО07-02-2008 10:16 PM

Re: About sendmail sm_io_flush||sm_io_error

Some other informations:

/home/lilia# ps -ef | grep sendmail
root 1436 1 0 Jun 26 ? 4:39 sendmail: accepting connections

in sendmail.cf:

# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root


But on an system with sendmail function normal:

# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail

(No TrustedUser. However, since everything is marked, I think they are the same.)

/var/spool# ps -ef | grep sendmail
root 1398 1 0 Nov 26 ? 84:45 sendmail: accepting connections on port 25
(Still the same)

/var/spool# ls -la
drwxr-xr-x 2 bin bin 8192 Jul 3 07:30 mqueue
(this is the only difference?!)
0 Kudos
Reply
Livia
Advisor

тАО07-03-2008 01:50 AM

тАО07-03-2008 01:50 AM

Re: About sendmail sm_io_flush||sm_io_error

I found something but still feel strange.

my sendmail:

/var/adm# ls -la /usr/contrib/sendmail/usr/sbin/sendmail
-r-xr-sr-x 1 root mail 1826816 Nov 20 2007 /usr/contrib/sendmail/usr/sbin/sendmail

So U think sendmail should be execute with group "mail" permission.
I have changed mqueue permission to:
drwxrwxr-x 2 root mail 8192 Jul 3 17:44 mqueue

In theory, with group permission "mail", sendmail should have permission to write into mqueue.

But it cannot.

I try to change sendmail permission to 4555(-r-sr-xr-x), and then it works.

But why I cannot use group permission "mail"?
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО07-03-2008 04:16 AM

тАО07-03-2008 04:16 AM

Re: About sendmail sm_io_flush||sm_io_error

>since everything is marked, I think they are the same.

Yes, they seem to be commented out, so unless the default has changed they should be the same.

>drwxr-xr-x 2 bin bin mqueue (this is the only difference?!)

This seems like the wrong owner.

>-r-xr-sr-x 1 root mail /usr/contrib/sendmail/usr/sbin/sendmail
>So you think sendmail should be execute with group "mail" permission.

What does the HP version have?

>I have changed mqueue permission to: drwxrwxr-x 2 root mail mqueue

Does this match another system?

>with group permission "mail", sendmail should have permission to write into mqueue.

Yes but only /var/mail has this type of security.

>I try to change sendmail permission to -r-sr-xr-x, and then it works.

Does this match what /usr/sbin/sendmail has?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.