Bug 694987 - Directory permissions cause sendmail to fail
Summary: Directory permissions cause sendmail to fail
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: sendmail
Version: 14
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Jaroslav Škarvada
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-04-09 13:25 UTC by Richard Kimberly Heck
Modified: 2011-04-22 14:59 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-04-22 14:59:01 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Richard Kimberly Heck 2011-04-09 13:25:55 UTC 
After a recent upgrade, I started to get repeated errors of the following sort:

Apr  3 08:56:53 rghquad sendmail[20178]: STARTTLS=client, relay=smtp.comcast.net, version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Apr  3 08:56:53 rghquad sendmail[20178]: error: safesasl(/usr/lib64/sasl2/libsasldb.so) failed: Group writable directory
Apr  3 08:56:53 rghquad sendmail[20178]: error: safesasl(/usr/lib64/sasl2/libcrammd5.so) failed: Group writable directory
Apr  3 08:56:53 rghquad sendmail[20178]: error: safesasl(/usr/lib64/sasl2/liblogin.so) failed: Group writable directory
Apr  3 08:56:53 rghquad sendmail[20178]: error: safesasl(/usr/lib64/sasl2/libdigestmd5.so) failed: Group writable directory
Apr  3 08:56:53 rghquad sendmail[20178]: error: safesasl(/usr/lib64/sasl2/libanonymous.so) failed: Group writable directory
Apr  3 08:56:53 rghquad sendmail[20178]: error: safesasl(/usr/lib64/sasl2/libplain.so) failed: Group writable directory
Apr  3 08:56:53 rghquad sendmail[20178]: p33C5BIE003642: AUTH=client, available mechanisms do not fulfill requirements
Apr  3 08:56:53 rghquad sendmail[20178]: AUTH=client, relay=smtp.comcast.net, temporary failure, connection abort

The reason turns out to be that sendmail wants /usr/lib64/sasl2 AND ALL ITS SUPERDIRECTORIES to be writeable by its owner only. So:
  chmod 755 /usr
  chmod 755 /usr/lib64
  chmod 755 /usr/lib64/sasl2
solves the problem. 

Has there been some change in sendmail's configuration that led to this problem? It seems, as I said, to have arrived with the last update.

[rgheck@rghquad mail]# rpm -q sendmail
sendmail-8.14.4-10.fc14.x86_64
Comment 1 Jaroslav Škarvada 2011-04-21 14:26:32 UTC 
I am unable to reproduce. AFAIK nothing related was changed in sendmail:

Changelog between 8.14.4-9 - 8.14.4-10
- fixed m4 ldap routing macro, backported from 8.14.5.Alpha0, (#650366)
- fixed MAXHOSTNAMELEN (#485380)
- updated sendmail.nm-dispatcher script to handle VPN connections (#577540)
- added comments about purpose of files and patches

The /usr/lib64/sasl2 shouldn't be group/others writeable otherwise your installation is somehow modified, check:
# rpm -V cyrus-sasl cyrus-sasl-lib
Comment 2 Richard Kimberly Heck 2011-04-21 22:15:28 UTC 
I think my problem was that /usr was 0775; I don't remember about /usr/lib64/sasl2 now. Perhaps that is something from way back, but I don't know why I'd just have started seeing that.
Comment 3 Jaroslav Škarvada 2011-04-22 14:59:01 UTC 
OK, thanks, by default /usr shouldn't be 0775:
# rpm -V filesystem

It doesn't seem to be sendmail fault, thus closing. Feel free to reopen in case there will be more information.
Note You need to log in before you can comment on or make changes to this bug.