mqueue file permissions
Rose, Bobby
brose at MED.WAYNE.EDU
Wed Jan 29 22:15:05 GMT 2003
Bingo I think that did it. SA is enabled and the mask is getting set
correctly.
-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: Wednesday, January 29, 2003 4:58 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: mqueue file permissions
As they might be changing the umask every time, I have moved the umask
setting to much lower-level code, so that it gets done before every open
file + lock it.
--- /usr/lib/MailScanner/MailScanner/Lock.pm Sun Nov 24 12:06:15
2002
+++ Lock.pm Wed Jan 29 23:08:20 2003
@@ -348,6 +348,9 @@
defined $rw or $rw = ((substr($fn,0,1) eq '>')?"w":"r");
$rw =~ /^[rs]/i or $rw = 'w';
+ # Set umask every time as SpamAssassin might have reset it
+ umask 0077;
+
unless (open($fh, $fn)) {
MailScanner::Log::InfoLog("Could not open file $fn: %s", $!)
unless $quiet;
See if that does the job.
At 21:37 29/01/2003, you wrote:
>Adding umask above didn't fix. I checked the change log on SA and the
>only entry that mentions umask is
>
>2003-01-19 04:25 felicity
>
> * lib/Mail/SpamAssassin/: BayesStore.pm, Conf.pm,
> DBBasedAddrList.pm, NoMailAudit.pm, PerMsgStatus.pm, Util.pm:
>Put
> umask around any open or tie commands. This will 1) let the
>*_mode
> options work as expected, and 2) keep some of our temp files
>more
> secure.
>
>If I grep thru all the pm files I see some umasks set to 0 and some
>077. The 077's are in their BayeStore.pm, NoMailAudit.pm and a
>UnixLocker.pm
>
>
>So it looks like they are changing it. What a pain!
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Wednesday, January 29, 2003 3:46 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: mqueue file permissions
>
>
>Fancy checking there are no "umask" calls in the SA code that weren't
>there before? The actual spam checking is done in a forked process, so
>umask calls in there won't have any effect. But if they have umask
>calls in places they shouldn't, it might be possible that they execute
>one in the main MS thread. If that is the case, I'm going to have to
>move the umask call again.
>
>Is my suggested earlier change working okay? (Adding "umask 0077;" near
>the top of WorkForHours() in the main /usr/sbin/MailScanner script).
>
> >-----Original Message-----
> >From: Brian Peterson [mailto:brian at KAOSTECH.COM]
> >Sent: Wednesday, January 29, 2003 12:46 PM
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: mqueue file permissions
> >
> >
> >I've been seeing problems with the mqueue qf file modes when
> >SpamAssassin is enabled, I've used both SpamAssassin 2.43 and 2.50.
> >The qf files are being delivered to the mqueue directory mode 664
> >instead of 600 which sendmail then complains about bogus uid even
> >though it's the permission. Has anyone seen this before?
> >
> >Jan 29 09:34:34 alpha sendmail[7657]: h0THY4D07651: bogus queue file,
> >uid=0, mode=100664 Jan 29 09:34:34 alpha sendmail[7657]:
> >h0THY4D07651: Losing ./qfh0THY4D07651: bogus file uid in mqueue
> >
> >-rw------- 1 root root 7 Jan 29 09:34
dfh0THY4D07651
> >-rw-rw-r-- 1 root root 894 Jan 29 09:34
Qfh0THY4D07651
> >
> >
> >
> >Brian Peterson
> >mailto:kaos at kaostech.com
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list