mqueue file permissions

Rose, Bobby brose at MED.WAYNE.EDU
Wed Jan 29 22:15:05 GMT 2003


Bingo I think that did it.  SA is enabled and the mask is getting set
correctly.

-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK] 
Sent: Wednesday, January 29, 2003 4:58 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: mqueue file permissions


As they might be changing the umask every time, I have moved the umask
setting to much lower-level code, so that it gets done before every open
file + lock it.

--- /usr/lib/MailScanner/MailScanner/Lock.pm      Sun Nov 24 12:06:15
2002
+++ Lock.pm     Wed Jan 29 23:08:20 2003
@@ -348,6 +348,9 @@
      defined $rw or $rw = ((substr($fn,0,1) eq '>')?"w":"r");
      $rw =~ /^[rs]/i or $rw = 'w';

+    # Set umask every time as SpamAssassin might have reset it
+    umask 0077;
+
      unless (open($fh, $fn)) {
         MailScanner::Log::InfoLog("Could not open file $fn: %s", $!)
            unless $quiet;

See if that does the job.

At 21:37 29/01/2003, you wrote:
>Adding umask above didn't fix.  I checked the change log on SA and the 
>only entry that mentions umask is
>
>2003-01-19 04:25  felicity
>
>         * lib/Mail/SpamAssassin/: BayesStore.pm, Conf.pm,
>         DBBasedAddrList.pm, NoMailAudit.pm, PerMsgStatus.pm, Util.pm: 
>Put
>         umask around any open or tie commands.  This will 1) let the 
>*_mode
>         options work as expected, and 2) keep some of our temp files 
>more
>         secure.
>
>If I grep thru all the pm files I see some umasks set to 0 and some 
>077. The 077's are in their BayeStore.pm, NoMailAudit.pm and a 
>UnixLocker.pm
>
>
>So it looks like they are changing it.  What a pain!
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Wednesday, January 29, 2003 3:46 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: mqueue file permissions
>
>
>Fancy checking there are no "umask" calls in the SA code that weren't 
>there before? The actual spam checking is done in a forked process, so 
>umask calls in there won't have any effect. But if they have umask 
>calls in places they shouldn't, it might be possible that they execute 
>one in the main MS thread. If that is the case, I'm going to have to 
>move the umask call again.
>
>Is my suggested earlier change working okay? (Adding "umask 0077;" near

>the top of WorkForHours() in the main /usr/sbin/MailScanner script).
>
> >-----Original Message-----
> >From: Brian Peterson [mailto:brian at KAOSTECH.COM]
> >Sent: Wednesday, January 29, 2003 12:46 PM
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: mqueue file permissions
> >
> >
> >I've been seeing problems with the mqueue qf file modes when 
> >SpamAssassin is enabled, I've used both SpamAssassin 2.43 and 2.50. 
> >The qf files are being delivered to the mqueue directory mode 664 
> >instead of 600 which sendmail then complains about bogus uid even 
> >though it's the permission.  Has anyone seen this before?
> >
> >Jan 29 09:34:34 alpha sendmail[7657]: h0THY4D07651: bogus queue file,

> >uid=0, mode=100664 Jan 29 09:34:34 alpha sendmail[7657]: 
> >h0THY4D07651: Losing ./qfh0THY4D07651: bogus file uid in mqueue
> >
> >-rw-------    1 root     root            7 Jan 29 09:34
dfh0THY4D07651
> >-rw-rw-r--    1 root     root          894 Jan 29 09:34
Qfh0THY4D07651
> >
> >
> >
> >Brian Peterson
> >mailto:kaos at kaostech.com
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support




More information about the MailScanner mailing list