Bug 75862 - default sendmail.mc file needs define(`confTRUSTED_USER', `smmsp')
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: sendmail
8.0
i386 Linux
medium Severity medium
Assigned To: Florian La Roche
David Lawrence
Reported: 2002-10-14 01:54 EDT by James Ralston
Modified: 2007-04-18 12:47 EDT
Last Closed: 2003-01-22 09:36:36 EST
Description James Ralston 2002-10-14 01:54:12 EDT
By default, the makemap program produces mode 0640 db files, owner root, group
root.  This is appropriate for db files which will be utilized only by the SMTP
daemon.

However, if the FEATURE(`genericstable') is being used, the MSP daemon needs to
be able to access the genericstable.db file.  That means genericstable.db needs
to be either group smmsp or world readable.

(Granted, since makemap writes a new db file by truncating the existing file
(instead of creating a new temporary file and then linking it to the correct
filename), if one manually adjusts the genericstable.db so that the MSP daemon
can read it, it resolves the problem as long as the genericstable.db file is
never deleted.  But relying on manual correction is a bug.  Sendmail should get
the permissions correct automatically.)

The way I resolved this was to edit /etc/mail/Makefile and add another step to
the %.db target:

%.db : %
        @makemap hash $@ < $<
        @if test "$@" = genericstable.db; then \
                chgrp smmsp genericstable.db; \
        fi

What I'm pondering now is if any other db files need to be readable by the MSP
daemon.  (I don't *think* so, but so far, I haven't put Red Hat 8.0 on any
"real" mail servers, and my development box doesn't do any complicated sendmail
stuff.)

Anyway, do you have a better idea how to resolve the problem of ensuring that
the MSP daemon has access to the db files it needs to consult?
Comment 1 James Ralston 2002-10-14 02:02:39 EDT
I should have been more general: this not only affects the MSP daemon (i.e., the
queue runner for /var/spool/clientmqueue), but /usr/sbin/sendmail itself,
whenever it's being invoked locally as a mail submission program.
Comment 2 Florian La Roche 2002-11-03 14:06:40 EST
Seems TrustedUser is not set correctly as option.

Florian La Roche
Comment 3 James Ralston 2002-11-04 02:17:04 EST
I was considering doing that, but I wanted to figure out why Red Hat didn't
already do that in the provided sendmail.mc file.

(Despite what the Installation and Operating Guide states, I can't see how
TrustedUser affects "starting the daemon".  Setting TrustedUser to smmsp does
make it so that the database files are owned by the smmsp user, though.)
Comment 4 James Ralston 2003-01-20 00:39:44 EST
Placing the following line:

define(`confTRUSTED_USER', `smmsp')

...into sendmail.mc seems to work, without any side-effects.

IMHO, this line should be in Red Hat Linux's /etc/mail/sendmail.mc file
out-of-the-box; users shouldn't have to add it themselves.  I've updated the
Summary info for this bug accordingly.
Comment 5 Florian La Roche 2003-01-22 09:36:36 EST
Seems submit.cf gets this right, but .mc needs this extra line added.
This is now fixed in 8.12.7-5 and newer.

Thanks a lot,

Florian La Roche
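
A check for the condition this report describes, as an added example that is not part of the original thread or of Red Hat's sendmail package: it reads the mode, owner and group of each map file and reports whether a given account (smmsp in this report) can read it. The function names can_read and audit_maps are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the bug thread). can_read and audit_maps are
# hypothetical names; `stat -c` assumes GNU coreutils.

# can_read MODE OWNER GROUP USER "USER_GROUPS"
# Succeeds if USER may read a file with the given octal MODE, OWNER and GROUP.
# Unix checks exactly one permission class: owner, else group, else other.
can_read() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    [ "$user" = root ] && return 0                       # root bypasses mode bits
    while [ "${#mode}" -gt 3 ]; do mode=${mode#?}; done  # drop setuid/sticky digit
    while [ "${#mode}" -lt 3 ]; do mode=0$mode; done     # stat prints 0 for mode 000
    if [ "$user" = "$owner" ]; then
        digit=${mode%??}
    else
        case " $user_groups " in
            *" $group "*) digit=${mode#?}; digit=${digit%?} ;;
            *)            digit=${mode#??} ;;
        esac
    fi
    [ "$digit" -ge 4 ]                                   # read bit is 4
}

# audit_maps DIR USER
# Prints one line per DIR/*.db; returns 1 if USER cannot read at least one map.
audit_maps() {
    dir=$1; user=$2; rc=0
    user_groups=$(id -Gn "$user") || return 2
    for f in "$dir"/*.db; do
        [ -e "$f" ] || continue
        set -- $(stat -c '%a %U %G' "$f")
        if can_read "$1" "$2" "$3" "$user" "$user_groups"; then
            echo "ok      $f ($1 $2:$3)"
        else
            echo "DENIED  $f ($1 $2:$3)"; rc=1
        fi
    done
    return "$rc"
}

# Typical run on the system described in this report: sh script /etc/mail smmsp
if [ "$#" -ge 2 ]; then audit_maps "$1" "$2"; fi
```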
