From owner-freebsd-questions@FreeBSD.ORG  Thu Apr 12 14:12:32 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DC1491065679
	for <freebsd-questions@FreeBSD.org>;
	Thu, 12 Apr 2012 14:12:31 +0000 (UTC)
	(envelope-from matthew@FreeBSD.org)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78])
	by mx1.freebsd.org (Postfix) with ESMTP id 621BF8FC17
	for <freebsd-questions@FreeBSD.org>;
	Thu, 12 Apr 2012 14:12:31 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[IPv6:2001:8b0:151:1:fa1e:dfff:feda:c0bb]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id
	q3CECLsT019397
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Thu, 12 Apr 2012 15:12:23 +0100 (BST)
	(envelope-from matthew@FreeBSD.org)
X-DKIM: OpenDKIM Filter v2.5.1 smtp.infracaninophile.co.uk q3CECLsT019397
Authentication-Results: smtp.infracaninophile.co.uk/q3CECLsT019397;
	dkim=none (no signature); dkim-adsp=none
Message-ID: <4F86E2BE.50807@FreeBSD.org>
Date: Thu, 12 Apr 2012 15:12:14 +0100
From: Matthew Seaman <matthew@FreeBSD.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: Ian Lord <lordi@msdi.ca>
References: <AC28A3ECE8FFEA4CAE20B2B79FDB8F709B6DDB@server01.msdi.local>
	<20120412034932.b6b7de0a.freebsd@edvax.de>
	<AC28A3ECE8FFEA4CAE20B2B79FDB8F709B842A@server01.msdi.local>
In-Reply-To: <AC28A3ECE8FFEA4CAE20B2B79FDB8F709B842A@server01.msdi.local>
X-Enigmail-Version: 1.4
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigCC193BE846042AF33AB3D30F"
X-Virus-Scanned: clamav-milter 0.97.4 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
	autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	lucid-nonsense.infracaninophile.co.uk
Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.org>
Subject: Re: Sendmail recommended permissions for apache/php server
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2012 14:12:32 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigCC193BE846042AF33AB3D30F
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 12/04/2012 14:40, Ian Lord wrote:
>> What are the permissions on /usr/libexec/sendmail/sendmail ? They shou=
ld
>> >look like this:
>> >% ls -la /usr/libexec/sendmail/sendmail
>> >-r-xr-sr-x  1 root  smmsp  662136 Apr  1 08:38
>> >/usr/libexec/sendmail/sendmail
> # ls -al /usr/libexec/sendmail/sendmail
> -r-xr-sr-x  1 root  wheel  707160 Jan  3 02:57 /usr/libexec/sendmail/se=
ndmail
>=20
> So the group is wrong... I changed it from wheel to smmsp and
> everything works fine now !
>=20
> Thanks a lot for the fix, but this server is a clean install of
> 9.0-RELEASE that I installed about 2-3 months ago. I never changed the
> permission myself on that file so I guess there is something wrong that=

> would need to be fixed (unless it's already fixed in newer versions).

I haven't had any similar problems on 9.0 systems I've installed so I
don't think it is an obvious and universal bug in the system installer.
 It might be the case that you did something differently -- if you can
reproduce the effect, and if it's not by doing something daft like 'oh,
and here is where we recursively chgrp the whole filesystem for no
apparent reason' then please do send a PR with the details.

If you want to ensure that almost everything has the correct ownership
and permissions, then you can use mtree(8).  eg.

    # cd /
    # mtree -Ue -f /etc/mtree/BSD.root.dist
    # mtree -Ue -f /etc/mtree/BSD.sendmail.dist
    # cd /usr
    # mtree -Ue -f /etc/mtree/BSD.usr.dist
    # cd /usr/include
    # mtree -Ue -f /etc/mtree/BSD.include.dist
    # cd /var
    # mtree -Ue -f /etc/mtree/BSD.var.dist

=2E.. although now I come to look at it, this won't actually fix the grou=
p
ownership on /usr/libexec/sendmail/sendmail for example.  For that,
you'ld probably have to use the system sources or the installation media.=


	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey



--------------enigCC193BE846042AF33AB3D30F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+G4sUACgkQ8Mjk52CukIz2jgCcDutdUr+qjU5ORlRcm1pHIorG
SUoAnR2NrKXS8bFON+CwqQjBoVoxD70o
=VqOl
-----END PGP SIGNATURE-----

--------------enigCC193BE846042AF33AB3D30F--