Bob McClure Jr wrote:
On Mon, Dec 01, 2008 at 10:11:08AM -0800, Rick Stevens wrote:
Bob McClure Jr wrote:
On Sat, Nov 29, 2008 at 09:28:38AM -0500, Mark Corsi wrote:
My guess is that the server is seeing the process as 'other'. This leaves
two solutions. One is to start the process with sudo so it starts as root. I
would hazard a guess that this would open up an unexpected security hole
since this is a mail process. The other solution is to make the process
owner part of the group that owns that folder and make the folder group
writable. Pretty sure the second solution will maintain security while
accomplishing your goal.
Well, I already have a sufficiently secure work-around, but that works
around a symptom.  I want to find out why an out-of-the-box
configuration quit working.
Were there any diagnostics in the logs that may be of use?


Nov 28 18:45:46 lfvsfcp19080 postfix/local[30613]: 759B024035:
to=<bmcclure@xxxxxx>, orig_to=<root@xxxxxx>, relay=local, delay=3,
delays=0/0/0/3, dsn=5.2.0, status=bounced (can't create user output
file. Command output: procmail: Couldn't create "/var/mail/bmcclure" )

Did you check /usr/bin/procmail and verify it was rwxr-xr-x (755), owned by
root, group of mail?

-rwxr-xr-x 1 root mail 99128 Jul 12  2006 /usr/bin/procmail

Yes, /var/mail is a symlink to /var/spool/mail and
the link should be mode rwxrwxrwx (777).

lrwxrwxrwx 1 root root 10 Nov 21 20:43 /var/mail -> spool/mail

/var/spool/mail itself should be owned by root, group of mail with mode
rwxrwxr-x (775).

drwxrwxr-x 2 root mail 4096 Nov 28 04:02 /var/spool/mail

The files below that should be owned by the user whose
mailbox it is, group of mail with mode rw-rw---- (660).

-rw------- 1 root root 0 Nov 28 04:02 root
-rw-rw---- 1 root mail 0 Nov 21 20:52 root2
-rw-rw---- 1 rpc  mail 0 Nov 21 20:47 rpc

I know of no extra things that may be affected by the addition of a user
via the "adduser" scripts that wouldn't be handled IF all of the user-
related files (home directories, hidden files, etc.) are present.

drwx------ 25 bmcclure bmcclure 12288 Dec  1 04:02 /home/bmcclure
-rw-r--r-- 1 bmcclure apache 1716 Nov 28 21:40 /home/bmcclure/.procmailrc

I am mystified.

Have you tried (as root):

	touch /var/mail/bmcclure
	chown bmcclure:mail /var/mail/bmcclure
	chmod 660 /var/mail/bmcclure

Not sure if the adduser scripts create the empty mailbox or not.  They
may...check that, they do.  One of the possible exit values for useradd

	13 can’t create mail spool

Ok, now THAT'S subtle to find!
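
The mailbox layout described in this thread (each file under /var/spool/mail owned by the user it is named after, group mail, mode rw-rw----) can be checked mechanically against an `ls -l` listing. The script below is an added example, not something posted by anyone in the thread; the function names `audit_spool_listing` and `sample_listing` are hypothetical, and it assumes mailbox names contain no spaces. The sample input is the three listing lines quoted above.

```shell
#!/bin/sh
# Added example: audit `ls -l` lines from a mail spool against the layout
# described in the thread. Reads the listing on stdin, prints one line per
# deviating mailbox, and returns non-zero if any deviation was found.
# Usage on a live system (as an assumption): ls -l /var/spool/mail | audit_spool_listing mail
audit_spool_listing() {
    want_group="${1:-mail}"
    awk -v want_group="$want_group" '
        # Skip the "total N" header, directories, symlinks and blank lines.
        $1 !~ /^-/ { next }
        {
            # Keep only the 10 permission characters; a trailing "." or "+"
            # (SELinux context / ACL marker) is ignored.
            mode = substr($1, 1, 10)
            owner = $3; group = $4; name = $NF
            problems = ""
            if (mode != "-rw-rw----") problems = problems " mode=" mode
            if (owner != name)        problems = problems " owner=" owner
            if (group != want_group)  problems = problems " group=" group
            if (problems != "") {
                printf "%s:%s\n", name, problems
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# The three mailbox lines quoted in the thread, embedded so the script runs offline.
sample_listing() {
    cat <<'EOF'
-rw------- 1 root root 0 Nov 28 04:02 root
-rw-rw---- 1 root mail 0 Nov 21 20:52 root2
-rw-rw---- 1 rpc  mail 0 Nov 21 20:47 rpc
EOF
}

sample_listing | audit_spool_listing mail || echo "listing deviates from the expected layout"
```

A user with no line in the listing at all, which is the situation in this thread, does not show up as a deviation; compare the listing against the account list separately.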
