[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: newalias permissions problem



On Sat, 25 Jun 2005, Alexander Dalloz wrote:

Am Sa, den 25.06.2005 schrieb Matthew Saltzman um 16:07:

In my freshly installed FC4,

 	$ ls -l /etc/aliases*
 	-rw-r--r--  1 root root   1512 Apr 25 12:48 /etc/aliases
 	-rw-r-----  1 root smmsp 12288 Jun 24 20:27 /etc/aliases.db

so the fix for the original problem would just be

 	chown root /etc/aliases.db

The rest of the permissions were fine.

By which I meant, "as they are oringally installed," and also, "so newaliases will write the file."



Matthew Saltzman

The group ownership by smmsp of the aliases.db isn't correct, following the Sendmail documentation. Please see "FILE AND MAP PERMISSIONS" at top of /usr/share/doc/sendmail/README.

"If the permissions 0640 are used, be sure that only trusted users
belong
to the group assigned to those files.  Otherwise, files should not even
be group readable."

I even don't see a need for the MSP user to be able to read the
aliases.db.

And "smmsp" is not a trusted user - and never should be one! In the past
it has been one by the default Sendmail configuration, but that has been
corrected by the maintainer after I informed him about this severe setup
fault.

As a reference to former discussion:

https://www.redhat.com/archives/fedora-list/2004-January/msg06394.html

Alexander


Then surely this should be in Bugzilla as a security issue. BTW, FC3 and RHEL4 also have the permissions set as I indicated above.





-- Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]