Red Hat Bugzilla – Bug 75862
default sendmail.mc file needs define(`confTRUSTED_USER', `smmsp')
Last modified: 2007-04-18 12:47:32 EDT
By default, the makemap program produces mode 0640 db files, owner root, group
root. This is appropriate for db files which will be utilized only by the SMTP
However, if the FEATURE(`genericstable') is being used, the MSP daemon needs to
be able to access the genericstable.db file. That means genericstable.db needs
to be either group smmsp or world readable.
(Granted, since makemap writes a new db file by truncating the existing file
(instead of creating a new temporary file and then linking it to the correct
filename), if one manually adjusts the genericstable.db so that the MSP daemon
can read it, it resolves the problem as long as the genericstable.db file is
never deleted. But relying on manual correction is a bug. Sendmail should get
the permissions correct automatically.)
The way I resolved this was to edit /etc/mail/Makefile and add another step to
the %.db target:
%.db : %
@makemap hash $@ < $<
@if test "$@" = genericstable.db; then \
chgrp smmsp genericstable.db; \
What I'm pondering now is if any other db files need to be readable by the MSP
daemon. (I don't *think* so, but so far, I haven't put Red Hat 8.0 on any
"real" mail servers, and my development box doesn't do any complicated sendmail
Anyway, do you have a better idea how to resolve the problem of ensuring that
the MSP daemon has access to the db files it needs to consult?
I should have been more general: this not only affects the MSP daemon (i.e., the
queue runner for /var/spool/clientmqueue), but /usr/sbin/sendmail itself,
whenever it's being invoked locally as mail submission program.
Seems TrustedUser is not set correctly as option.
Florian La Roche
I was considering doing that, but I wanted to figure out why Red Hat didn't
already do that in the provided sendmail.mc file.
(Despite what the Installation and Operating Guide states, I can't see how
TrustedUser affects "starting the daemon". Setting TrustedUser to smmsp does
make it so that the database files are owned by the smmsp user, though.)
Placing the following line:
...into sendmail.mc seems to work, without any side-effects.
IMHO, this line should be in Red Hat Linux's /etc/mail/sendmail.mc file
out-of-the-box; users shouldn't have to add it themselves. I've updated the
Summary info for this bug accordingly
Seems submit.cf gets this right, but .mc needs this extra line added.
This is now fixed in 8.12.7-5 and newer.
Thanks a lot,
Florian La Roche