Re: Group writable directory
- From: Jørn Dahl-Stamnes <newsmanDELETE@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 14 May 2006 20:41:24 +0200
Per Hedeland wrote:
In article <1147619551.253119.56640@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
"drfremove@xxxxxxxx" <feenberg@xxxxxxxxx> writes:
Jørn Dahl-Stamnes wrote:
I noticed the following messages from /var/log/maillog file:
May 12 20:42:52 skywalker sendmail[21295]: k4CIgm3P021294:
forward /var/spool/mail/.forward.skywalker+: Group writable directory
May 12 20:42:52 skywalker sendmail[21295]: k4CIgm3P021294:
forward /var/spool/mail/.forward+: Group writable directory
May 12 20:42:52 skywalker sendmail[21295]: k4CIgm3P021294:
forward /var/spool/mail/.forward.skywalker: Group writable directory
May 12 20:42:52 skywalker sendmail[21295]: k4CIgm3P021294:
forward /var/spool/mail/.forward: Group writable directory
When checking, there is not such directory. I also checked old mailog
files (63 weeks back in time), but this was the first time I have seen
the message. What could cause this messages?
Somewhere along the path /var/spool/mail one of the directories is
group writable. Sendmail doesn't want to trust what it might be asked
to do by the .forward under those circumstances. The .forward can
include executable commands, so the suspicion is justified as a safety
measure. All you have to do is a "chmod" on the appropriate directory.
All true enough, but: On some systems /var/spool/mail *should* be group
writable, and chmod'ing it may actually break things - and: The question
is why sendmail is looking for .forward files in /var/spool/mail. My
guess is that Jørn has recently added a (pseudo-)user that has
/var/spool/mail as home directory, and mail is being sent to that user.
The simplest fix for that is probably to give that user some other home
directory. If that isn't the problem, check for a non-standard setting
of confFORWARD_PATH in the .mc file (becomes ForwardPath in sendmail.cf)
- I can't think of any reason to include /var/spool/mail there.
I found out that spammers has been sending mail to mail@<my-domain>. I then
removed the line:
mail: root
in the /etc/mail/access file and then did a 'cat /dev/null
/var/spool/mail' to remove all spam mails. The messages in the maillogseem to have been generated after I did this.
If the .forward file has been there before, I should have seen this warnings
before to, right? And since I have not, and can't find the .forward file
either, I can't figure out why I got the warning messages.
--
Jørn Dahl-Stamnes
http://www.dahl-stamnes.net/dahls/
.
- Follow-Ups:
- Re: Group writable directory
- From: Kari Hurtta
- Re: Group writable directory
- References:
- Group writable directory
- From: Jørn Dahl-Stamnes
- Re: Group writable directory
- From: drfremove@xxxxxxxx
- Re: Group writable directory
- From: Per Hedeland
- Group writable directory
- Prev by Date: Re: Group writable directory
- Next by Date: Re: Group writable directory
- Previous by thread: Re: Group writable directory
- Next by thread: Re: Group writable directory
- Index(es):
