newalias permissions problem
Alexander Dalloz
ad+lists at uni-x.org
Sat Jun 25 14:41:44 UTC 2005
Am Sa, den 25.06.2005 schrieb Matthew Saltzman um 16:07:
> In my freshly installed FC4,
>
> $ ls -l /etc/aliases*
> -rw-r--r-- 1 root root 1512 Apr 25 12:48 /etc/aliases
> -rw-r----- 1 root smmsp 12288 Jun 24 20:27 /etc/aliases.db
>
> so the fix for the original problem would just be
>
> chown root /etc/aliases.db
>
> The rest of the permissions were fine.
> Matthew Saltzman
The group ownership by smmsp of the aliases.db isn't correct, following
the Sendmail documentation. Please see "FILE AND MAP PERMISSIONS" at top
of /usr/share/doc/sendmail/README.
"If the permissions 0640 are used, be sure that only trusted users
belong
to the group assigned to those files. Otherwise, files should not even
be group readable."
I even don't see a need for the MSP user to be able to read the
aliases.db.
And "smmsp" is not a trusted user - and never should be one! In the past
it has been one by the default Sendmail configuration, but that has been
corrected by the maintainer after I informed him about this severe setup
fault.
As a reference to former discussion:
https://www.redhat.com/archives/fedora-list/2004-January/msg06394.html
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp
Serendipity 16:40:39 up 4 days, 54 users, load average: 0.14, 0.19, 0.15
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050625/e2e550dd/attachment-0001.sig>
More information about the fedora-list
mailing list