newalias permissions problem
Matthew Saltzman
mjs at ces.clemson.edu
Sat Jun 25 15:38:16 UTC 2005
On Sat, 25 Jun 2005, Alexander Dalloz wrote:
> Am Sa, den 25.06.2005 schrieb Matthew Saltzman um 16:07:
>
>> In my freshly installed FC4,
>>
>> $ ls -l /etc/aliases*
>> -rw-r--r-- 1 root root 1512 Apr 25 12:48 /etc/aliases
>> -rw-r----- 1 root smmsp 12288 Jun 24 20:27 /etc/aliases.db
>>
>> so the fix for the original problem would just be
>>
>> chown root /etc/aliases.db
>>
>> The rest of the permissions were fine.
By which I meant, "as they are originally installed," and also, "so
newaliases will write the file."
>
>> Matthew Saltzman
>
> The group ownership by smmsp of the aliases.db isn't correct, following
> the Sendmail documentation. Please see "FILE AND MAP PERMISSIONS" at top
> of /usr/share/doc/sendmail/README.
>
> "If the permissions 0640 are used, be sure that only trusted users
> belong to the group assigned to those files. Otherwise, files should
> not even be group readable."
>
> I even don't see a need for the MSP user to be able to read the
> aliases.db.
>
> And "smmsp" is not a trusted user - and never should be one! In the past
> it has been one by the default Sendmail configuration, but that has been
> corrected by the maintainer after I informed him about this severe setup
> fault.
>
> As a reference to former discussion:
>
> https://www.redhat.com/archives/fedora-list/2004-January/msg06394.html
>
> Alexander
>
Then surely this should be in Bugzilla as a security issue. BTW, FC3
and RHEL4 also have the permissions set as I indicated above.
>
>
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
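
The README rule quoted in this thread can be checked mechanically. The script below is an added example, not part of the original messages or of Sendmail: it flags a map file that is group-accessible when its group is not on a trusted list. It assumes GNU `stat` (as shipped on Fedora); the function name `check_map` and the `TRUSTED_GROUPS` default of `root` are assumptions to adjust per site.

```shell
#!/bin/sh
# Added example (not from the thread): audit sendmail map files against the
# README rule quoted above. Assumes GNU stat (stat -c), as on Fedora.

# Groups whose members are all trusted. "root" is an assumed default;
# override it in the environment for your site.
TRUSTED_GROUPS=${TRUSTED_GROUPS:-root}

# check_map FILE "GROUP1 GROUP2 ..."
# Returns 0 if acceptable, 1 if flagged, 2 if the file is missing.
check_map() {
    file=$1
    trusted=$2
    if [ ! -e "$file" ]; then
        echo "MISSING $file"
        return 2
    fi
    mode=$(stat -c '%a' "$file")    # octal mode, e.g. 640
    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")
    bits=$(( 0$mode ))              # leading 0 makes the value octal
    # World-writable is never acceptable for a map file.
    if [ $(( bits & 0002 )) -ne 0 ]; then
        echo "FLAG $file ($owner:$group $mode): world-writable"
        return 1
    fi
    # Group read or write is acceptable only for a trusted group.
    if [ $(( bits & 0060 )) -ne 0 ]; then
        for g in $trusted; do
            if [ "$g" = "$group" ]; then
                echo "OK $file ($owner:$group $mode): group is trusted"
                return 0
            fi
        done
        echo "FLAG $file ($owner:$group $mode): group '$group' is not trusted"
        return 1
    fi
    echo "OK $file ($owner:$group $mode): no group access"
    return 0
}

# Audit every file named on the command line, e.g. /etc/aliases.db
for f in "$@"; do
    check_map "$f" "$TRUSTED_GROUPS" || true
done
```

With the default trusted list, the `root smmsp 0640` listing shown at the top of the thread is flagged, while the same file at mode 0600 passes.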