Thanks for hanging in there with me. I have a (sort of) working
configuration now, but I don't think it's right. If you're only interested
in my question, read only the last paragraph. If you want to see how I
arrived at that question, please follow.
Suggestions from Dan Liston and Neil Rickert were invaluable in helping me,
and I greatly appreciate the assistance.
I have verified that these things are correct:
From: "Neil W Rickert" <rickert+mj@cs.niu.edu>
Sent: Saturday, June 02, 2001 12:53 AM
> >This FAQ tells me to create a sumlink to wrapper in /etc/smrsh.
> >But I already have a link to /usr/lib/majordomo/wrapper in
> >/etc/smrsh, and yet it doesn't work.
>
> Check whether the symlink is correct. Check whether it is accessible
> as the sendmail default user. Check whether "/etc/smrsh" is the correct
> directory (do a 'strings' on the smrsh binary).
OK. Here's how I verified all of that:
leya:/root: grep smrsh /etc/sendmail.cf
##### $Id: smrsh.m4,v 8.14 1999/11/18 05:06:23 ca Exp $ #####
Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL,
R=EnvToL/H
drToL, D=$z:/,
A=smrsh -c $u
I see from the above that /usr/sbin/smrsh will be the secure shell used.
Now, let's see where it'll find its scripts:
leya:/etc/smrsh: strings /usr/sbin/smrsh | grep '/'
/lib/ld-linux.so.2
/etc/smrsh
/bin:/usr/bin:
/bin/sh
Cannot exec /bin/sh: %m
@(#)$Id: smrsh.c,v 8.31.4.6 2000/10/09 20:37:16 gshapiro Exp $
@(#)$Id: strl.c,v 8.5.14.2 2000/09/17 17:04:24 gshapiro Exp $
OK, so it looks like /etc/smrsh is the place to be. But we know it doesn't
work for some reason. Let's switch to majordomo user and run a test to
prove our link:
leya:/etc/smrsh: su - majordomo
Most seminars have a happy ending. Everyone's glad when they're over.
We'll execute wrapper from /etc/smrsh, and pass it an invalid program name:
leya:/etc/smrsh: ./wrapper -v
wrapper: Trying to exec /usr/lib/majordomo-1.94.5/-v failed: No such file
or
directory
Did you define PERL correctly in the Makefile?
HOME is HOME=/usr/lib/majordomo-1.94.5,
PATH is PATH=/bin:/usr/bin:/usr/ucb,
SHELL is SHELL=/bin/sh,
MAJORDOMO_CF is MAJORDOMO_CF=/usr/lib/majordomo-1.94.5/majordomo.cf
leya:/etc/smrsh: id
uid=503(majordomo) gid=503(majordomo) groups=503(majordomo)
Yep, looks like we got the right tool. Hmmm... What happens if we run
"wrapper majordomo" manually?
leya:/etc/smrsh: ./wrapper majordomo
lists
^D
mj_majordomo: ABORT
Majordomo@lovelady.com: is not a valid return address.
Well, that's a problem, but it's not THE problem. (I'll be facing this one
next. Looks valid to me!)
So, as root, I copied /usr/lib/majordomo*/wrapper to /etc/smrsh (rather than
using a link)
leya:/etc/smrsh: exit
leya:/etc/smrsh: id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
leya:/etc/smrsh: mv wrapper wrapper-link
leya:/etc/smrsh: cp /usr/lib/majordomo-1.94.5/wrapper .
leya:/etc/smrsh: echo lists | mail majordomo
Lo and behold, this worked. It's not what I want, but it does work. So
I've a working model, but it's not quite like it should be. Problem must be
in the permissions of the majordomo directory or the wrapper itself. Here's
what I have:
leya:/etc/smrsh: cd /usr/lib
leya:/usr/lib: ls -ld majordomo-1.94.5/
drwxr-x--- 5 majordom majordom 4096 Jun 2 10:08 majordomo-1.94.5/
leya:/usr/lib: cd majordomo-1.94.5/
leya:/usr/lib/majordomo-1.94.5: ls -l wrapper
-rwsr-xr-x 1 root majordom 16819 Jun 1 13:48 wrapper
And at last I see. (I can be slow sometimes.) DefaultUser=8:12 is set in
the sendmail.cf file. This is mail:mail, who has no permissions to the
majordomo directory. To verify that this was the problem, I chmod 755 the
majordomo directory, recreated my link, and it works. What is the
recommended change to allow user/group mail (but nobody else) to execute
wrapper? Or do I need to change the default user, and what are the
ramifications if I do?
--
Dennis Lovelady Fayetteville, GA
mail: dennis@lovelady.com
URL: http://www.lovelady.com
ICQ: 5734860
--
"Advice is what we ask for when we already know the answer but wish we
didn't."
-- Erica Jong
Follow-Ups:
References:
|
|
