Re: mailq & trusted user
On Wed, 25 Apr 2001, Stefano Zacchiroli wrote:
> With new sendmail 8.11.3+8.12.0.Beta7-3 executing 'mailq' answers me:
>
> can not chdir(/var/spool/mqueue/): Permission denied
> Program mode requires special privileges, e.g., root or TrustedUser.
>
> from this message it seems that adding the user to
> /etc/mail/trusted-users can solve the problem, but this is _not_ the
> case !
>
> In fact doing strace of mailq it's clear that 'mailq' attempts to enter
> /var/spool/mqueue/ dir that is readable/executable only by root and mail
> group members.
>
> So, why this mention to TrustedUser ???

There are two different notions of trust:

1) TrustedUser: able to own databases and start sendmail (i.e. 'mail')
2) trustedusers: able to set whatever from line and have it *not*
   marked as a forgery attempt (i.e. uucp, majordomo)

This whole mess is one of the problems with the MTA/MSP split, making
mailq, etc. non-suid.

Here are the problems I'm struggling with in regards to the split:

*) mailq, runq, etc. now need root - probably ok for runq, but people
   have been accustomed to doing mail from user accounts. I can
   make these commands wrapper scripts that look at both MSP and
   MTA queues, but will that adversely impact folk who expect to
   parse the output?
*) mail, etc., now only deal with the MTA queues, and people have
   gotten confused, thinking mail has disappeared, when in fact it
   is in /var/spool/mqueue-client instead of /var/spool/mqueue.
*) is MSP a viable alternative to a nullclient/smarthost setup?
   what level of functionality should the MSP have -- it's currently
   set up to *only* deal with the MTA on localhost.

There are probably others... I've been banging my head against the
wall on too many problems lately - got a few problems fixed that
hopefully made today's dinstall run (haven't checked yet), and a few
extensions (like queue-aging) I'm working on, so I'm kinda muddled
for the nonce ;)
--
Rick Nelson
<Knghtbrd> RoboHak - okay, the patch isn't broken, but my brain
apparently is
<wc> that's nothing new (;
<Knghtbrd> wc - hush.
<Knghtbrd> =>
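
Added example, not part of the original thread: the chdir() failure reported above comes from the filesystem's owner/group/other check on the queue directory, which sendmail's trust lists play no part in. The sketch below models that check; the mode 0750, the root:mail ownership with gid 8, and the uid 1000 are constructed sample values, not taken from the messages.

```sh
#!/bin/sh
# Added example: models the classic Unix owner/group/other search-permission
# check (ACLs and capabilities ignored). All ids and modes are constructed.

# can_chdir MODE OWNER_UID OWNER_GID UID "GID1 GID2 ..."
# Returns 0 if a process with UID and those groups may enter the directory.
can_chdir() {
    mode=$1 owner=$2 group=$3 uid=$4 gids=$5

    # root bypasses the permission bits
    [ "$uid" -eq 0 ] && return 0

    # Split the octal mode into its three permission classes
    u=$(( (0$mode >> 6) & 7 ))
    g=$(( (0$mode >> 3) & 7 ))
    o=$(( 0$mode & 7 ))

    # Exactly one class applies: owner first, then group, then other
    if [ "$uid" -eq "$owner" ]; then
        bits=$u
    else
        bits=$o
        for gid in $gids; do
            if [ "$gid" -eq "$group" ]; then bits=$g; break; fi
        done
    fi

    # chdir needs the search (execute) bit of the applicable class
    [ $(( bits & 1 )) -ne 0 ]
}

# verdict ARGS...: prints "allowed" or "denied" for the same arguments
verdict() {
    if can_chdir "$@"; then echo allowed; else echo denied; fi
}

# Constructed scenario: queue directory owned root:mail (gid 8), mode 0750
echo "ordinary user:      $(verdict 750 0 8 1000 '1000')"
echo "member of mail:     $(verdict 750 0 8 1000 '1000 8')"
echo "root:               $(verdict 750 0 8 0 '0')"
```

Only the uid and group list of the calling process enter the decision, so a non-setuid mailq run from an ordinary account is refused regardless of what the sendmail configuration says about that user.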