mailscanner at YETICOMPUTERS.COM
Thu Aug 18 16:24:45 IST 2005
When I execute /opt/MailScanner/bin/check_mailscanner as root with:
Run As User = postfix
Run As Group = postfix
in MailScanner.conf, I get the error:
Cannot open config file /opt/MailScanner/etc/MailScanner.conf, Permission
denied at /opt/MailScanner/lib/MailScanner/Config.pm line 592.
Seems easy enough, but I'm stuck. I've chowned
/opt/MailScanner/etc/MailScanner.conf to postfix:postfix. I've chmodded the
file all the way to 777 and done the same for every file and directory in
the opt/MailScanner/ tree (including /opt/MailScanner). None of this
helped, so I got more creative...
I temporarily gave the postix user a shell. When I ran
/opt/MailScanner/bin/check_mailscanner directly while logged in as the
postfix user, it worked fine. If I did "su postfix -c
/opt/MailScanner/bin/check_mailscanner" as root, it worked fine. So, I
thought it must have something to do with the uid change. The log shows:
Aug 18 10:50:59 mail root: MailScanner setting GID to postfix (207)
Aug 18 10:50:59 mail root: MailScanner setting UID to postfix (207)
and a line I added to the SetUidGid function in MailScanner confirms that
both real and effective ids are being set. I tried using the POSIX routine
instead of the perlvars, but got the same result.
I've tried both the emerged perl modules and the ones installed by the
MailScanner and completely rebuilt Perl once. Nothing changes.
The apparently relevant lines from strace show:
[pid 7106] write(3, "<14>root: MailScanner setting UI"..., 52) = 52
[pid 7106] setresuid32(207, 207, -1) = 0
[pid 7106] getuid32() = 207
[pid 7106] geteuid32() = 207
[pid 7106] open("/opt/MailScanner/etc/MailScanner.conf",
O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
[pid 7106] write(2, "Cannot open config file /opt/Mai"..., 137Cannot open
config file /opt/MailScanner/etc/MailScanner.conf, Permission denied at
/opt/MailScanner/lib/MailScanner/Config.pm line 592.
) = 137
Right now I'm making it work by giving the postfix user a shell and then
setting it back to /bin/false after MailScanner is running. I can function
like this if necessary but I'd *really* like to know what's going on here.
P4 1.8GHz, 512M, 40G
Gentoo Linux 2005.1
EXT3 filesystem without extended attributes or security labels
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner