Bug 75862 - default sendmail.mc file needs define(`confTRUSTED_USER', `smmsp')
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 8.0
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
Reported: 2002-10-14 05:54 UTC by James Ralston
Modified: 2007-04-18 16:47 UTC (History)

Doc Type: Bug Fix
Last Closed: 2003-01-22 14:36:36 UTC

Description James Ralston 2002-10-14 05:54:12 UTC
By default, the makemap program produces mode 0640 db files, owner root, group
root.  This is appropriate for db files which will be utilized only by the SMTP
daemon.

However, if the FEATURE(`genericstable') is being used, the MSP daemon needs to
be able to access the genericstable.db file.  That means genericstable.db needs
to be either group smmsp or world readable.

(Granted, since makemap writes a new db file by truncating the existing file
(instead of creating a new temporary file and then linking it to the correct
filename), if one manually adjusts the genericstable.db so that the MSP daemon
can read it, it resolves the problem as long as the genericstable.db file is
never deleted.  But relying on manual correction is a bug.  Sendmail should get
the permissions correct automatically.)

The way I resolved this was to edit /etc/mail/Makefile and add another step to
the %.db target:

%.db : %
        @makemap hash $@ < $<
        @if test "$@" = genericstable.db; then \
                chgrp smmsp genericstable.db; \
        fi

What I'm pondering now is if any other db files need to be readable by the MSP
daemon.  (I don't *think* so, but so far, I haven't put Red Hat 8.0 on any
"real" mail servers, and my development box doesn't do any complicated sendmail
stuff.)

Anyway, do you have a better idea how to resolve the problem of ensuring that
the MSP daemon has access to the db files it needs to consult?

Comment 1 James Ralston 2002-10-14 06:02:39 UTC
I should have been more general: this not only affects the MSP daemon (i.e., the
queue runner for /var/spool/clientmqueue), but /usr/sbin/sendmail itself,
whenever it's being invoked locally as a mail submission program.


Comment 2 Florian La Roche 2002-11-03 19:06:40 UTC
Seems TrustedUser is not set correctly as option.

Florian La Roche


Comment 3 James Ralston 2002-11-04 07:17:04 UTC
I was considering doing that, but I wanted to figure out why Red Hat didn't
already do that in the provided sendmail.mc file.

(Despite what the Installation and Operating Guide states, I can't see how
TrustedUser affects "starting the daemon".  Setting TrustedUser to smmsp does
make it so that the database files are owned by the smmsp user, though.)


Comment 4 James Ralston 2003-01-20 05:39:44 UTC
Placing the following line:

define(`confTRUSTED_USER', `smmsp')

...into sendmail.mc seems to work, without any side-effects.

IMHO, this line should be in Red Hat Linux's /etc/mail/sendmail.mc file
out-of-the-box; users shouldn't have to add it themselves.  I've updated the
Summary info for this bug accordingly.


Comment 5 Florian La Roche 2003-01-22 14:36:36 UTC
Seems submit.cf gets this right, but .mc needs this extra line added.
This is now fixed in 8.12.7-5 and newer.

Thanks a lot,

Florian La Roche
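
An added example, not part of the original bug report or of Red Hat's sendmail package: a shell check, from file metadata alone, of whether a process running as a given user and group could read each map file in a directory, which is the condition this thread is about. The smmsp name comes from the thread; the function names msp_can_read and audit_maps are hypothetical, GNU stat is assumed, and supplementary group membership is ignored.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes GNU stat (coreutils).
# Usage after sourcing this file: audit_maps /etc/mail smmsp smmsp

# msp_can_read FILE USER GROUP
# Returns 0 if a process running as USER with primary group GROUP could read
# FILE according to its mode bits, 1 if not, 2 if FILE cannot be examined.
# Unix checks exactly one permission class: owner, else group, else other.
msp_can_read() {
    file=$1 user=$2 group=$3
    meta=$(stat -c '%a %U %G' -- "$file") || return 2
    set -- $meta                      # $1=octal mode, $2=owner, $3=group
    mode=$((0$1))
    if [ "$2" = "$user" ]; then
        bit=$((mode & 0400))          # owner class: only the owner read bit counts
    elif [ "$3" = "$group" ]; then
        bit=$((mode & 0040))          # group class, e.g. a map chgrp'ed to smmsp
    else
        bit=$((mode & 0004))          # everyone else needs a world-readable file
    fi
    [ "$bit" -ne 0 ]
}

# audit_maps DIR USER GROUP
# Prints every DIR/*.db that USER/GROUP could not read; returns 1 if any exist.
audit_maps() {
    dir=$1 bad=0
    for f in "$dir"/*.db; do
        [ -e "$f" ] || continue       # glob matched nothing
        if ! msp_can_read "$f" "$2" "$3"; then
            printf '%s\n' "$f"
            bad=1
        fi
    done
    return "$bad"
}
```

A map that makemap wrote as mode 0640, root:root, is listed for smmsp/smmsp; the same map with group smmsp, or owned by smmsp, is not.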


