RE: [cobalt-users] Unhappy procmail
- Subject: RE: [cobalt-users] Unhappy procmail
- From: "Colin J. Raven" <cjraven@xxxxxxxxxxx>
- Date: Fri Jun 8 05:48:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> From: "Dan Kriwitsky" <webhosting@xxxxxxxxx>
>
> > > procmail: Suspicious rcfile "/home/sites/site1/users/username/.procmailrc"
> > > procmail: Couldn't read "/home/sites/site1/users/username/.procmailrc"
> > >
> > > Here is what my user .procmailrc file contains
> > >
> > > #filter all messages from certain user
> > > :0:user.lock
> > > * ^From: .*\<user@domain\.com\>
> > > /dev/null
> > >
> > > Permissions are set to 644 (-rw-r--r-- )
> > >
> > > What's wrong with this??
> > >
> > Who is the owner? IIRC, it must be owned by the username.
>
> I chowned it to the username after I created it. No good.
Here are a few areas to poke around in.
1. To quote the DIAGNOSTICS section of the procmail(1) manpage:
    Suspicious rcfile "x"
        The owner of the rcfile was not the recipient or root, the
        file was world writable, or the directory that contained it
        was world writable, or this was the default rcfile
        ($HOME/.procmailrc) and either it was group writable or the
        directory that contained it was group writable (the rcfile
        was not used).
OK, that's the obligatory homage to manpages paid in full. Now let's
solve the problem.
2. I don't know what version of procmail you're running. It might be
helpful if you could post the output of "procmail -v" (just the version
number will be fine). Later procmail versions (beginning at 3.13 I
believe) by default don't trust group writable home directories or
~/.procmailrc files. Recheck all home directories to ensure none are
group writable. You could take users' .procmailrc's all the way down to
0600 without causing a problem.
3. One other possibility exists, but it's kinda remote.
The problem could be that procmail was compiled without setting
GROUP_PER_USER on. If your setup gives every user a private group, and
your rcfile or the directory it resides in is group-writable, that's
not really a security problem because you're the only member of your
group.
Procmail doesn't know that there are special circumstances making it
safe to use a group-writable rcfile (or an rcfile in a group-writable
directory).
So, if that's the problem then you should either recompile procmail
with the GROUP_PER_USER option, or execute the command:
    chmod go-w $HOME $HOME/.procmailrc
This is permissions...pure and simple. No ambiguity, no doubt.
Regards & HTH
-Colin
--
Colin J. Raven
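
The conditions in the DIAGNOSTICS excerpt quoted in the reply above can be checked before procmail ever runs. The script below is an added example, not part of the original thread and not procmail's own code; it assumes GNU stat, and the function names and the yes/no "default rcfile" argument are made up for illustration.

```shell
#!/bin/sh
# Added example: applies the "Suspicious rcfile" conditions as worded in the
# quoted procmail(1) DIAGNOSTICS text. Assumes GNU stat (stat -c).
# Usage: check_rcfile "$HOME/.procmailrc" "$(id -un)" yes

# has_bit MODE MASK: true if any bit of octal MASK is set in octal MODE.
has_bit() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# check_rcfile FILE RECIPIENT IS_DEFAULT
#   IS_DEFAULT is "yes" when FILE is the default rcfile ($HOME/.procmailrc).
# Prints one line per matching condition.
# Returns 0 if none match, 1 if the rcfile would be suspicious, 2 on stat failure.
check_rcfile() {
    file=$1; recipient=$2; is_default=${3:-yes}
    dir=$(dirname -- "$file")
    owner=$(stat -c %U -- "$file") || return 2
    fmode=$(stat -c %a -- "$file") || return 2
    dmode=$(stat -c %a -- "$dir") || return 2
    bad=0

    # "The owner of the rcfile was not the recipient or root"
    if [ "$owner" != "$recipient" ] && [ "$owner" != root ]; then
        echo "owner is $owner, not $recipient or root"; bad=1
    fi
    # "the file was world writable"
    if has_bit "$fmode" 002; then
        echo "rcfile is world writable (mode $fmode)"; bad=1
    fi
    # "the directory that contained it was world writable"
    if has_bit "$dmode" 002; then
        echo "directory $dir is world writable (mode $dmode)"; bad=1
    fi
    # Group-write rules apply only to the default rcfile.
    if [ "$is_default" = yes ]; then
        if has_bit "$fmode" 020; then
            echo "default rcfile is group writable (mode $fmode)"; bad=1
        fi
        if has_bit "$dmode" 020; then
            echo "directory $dir is group writable (mode $dmode)"; bad=1
        fi
    fi
    return "$bad"
}
```

A 644 rcfile owned by the recipient passes these checks, so in a case like the one reported the line about the containing directory is the one to look for.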