Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Apr 2012 15:12:14 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        Ian Lord <lordi@msdi.ca>
Cc:        "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.org>
Subject:   Re: Sendmail recommended permissions for apache/php server
Message-ID:  <4F86E2BE.50807@FreeBSD.org>
In-Reply-To: <AC28A3ECE8FFEA4CAE20B2B79FDB8F709B842A@server01.msdi.local>
References:  <AC28A3ECE8FFEA4CAE20B2B79FDB8F709B6DDB@server01.msdi.local> <20120412034932.b6b7de0a.freebsd@edvax.de> <AC28A3ECE8FFEA4CAE20B2B79FDB8F709B842A@server01.msdi.local>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigCC193BE846042AF33AB3D30F
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 12/04/2012 14:40, Ian Lord wrote:
>> What are the permissions on /usr/libexec/sendmail/sendmail ? They shou=
ld
>> >look like this:
>> >% ls -la /usr/libexec/sendmail/sendmail
>> >-r-xr-sr-x  1 root  smmsp  662136 Apr  1 08:38
>> >/usr/libexec/sendmail/sendmail
> # ls -al /usr/libexec/sendmail/sendmail
> -r-xr-sr-x  1 root  wheel  707160 Jan  3 02:57 /usr/libexec/sendmail/se=
ndmail
>=20
> So the group is wrong... I changed it from wheel to smmsp and
> everything works fine now !
>=20
> Thanks a lot for the fix, but this server is a clean install of
> 9.0-RELEASE that I installed about 2-3 months ago. I never changed the
> permission myself on that file so I guess there is something wrong that=

> would need to be fixed (unless it's already fixed in newer versions).

I haven't had any similar problems on 9.0 systems I've installed so I
don't think it is an obvious and universal bug in the system installer.
 It might be the case that you did something differently -- if you can
reproduce the effect, and if it's not by doing something daft like 'oh,
and here is where we recursively chgrp the whole filesystem for no
apparent reason' then please do send a PR with the details.

If you want to ensure that almost everything has the correct ownership
and permissions, then you can use mtree(8).  eg.

    # cd /
    # mtree -Ue -f /etc/mtree/BSD.root.dist
    # mtree -Ue -f /etc/mtree/BSD.sendmail.dist
    # cd /usr
    # mtree -Ue -f /etc/mtree/BSD.usr.dist
    # cd /usr/include
    # mtree -Ue -f /etc/mtree/BSD.include.dist
    # cd /var
    # mtree -Ue -f /etc/mtree/BSD.var.dist

=2E.. although now I come to look at it, this won't actually fix the grou=
p
ownership on /usr/libexec/sendmail/sendmail for example.  For that,
you'ld probably have to use the system sources or the installation media.=


	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey



--------------enigCC193BE846042AF33AB3D30F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+G4sUACgkQ8Mjk52CukIz2jgCcDutdUr+qjU5ORlRcm1pHIorG
SUoAnR2NrKXS8bFON+CwqQjBoVoxD70o
=VqOl
-----END PGP SIGNATURE-----

--------------enigCC193BE846042AF33AB3D30F--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4F86E2BE.50807>