Problem configuring the mail gateway


#1

Hi everyone,

I have configured the mailgateway according to the documentation.
If I send an email to the mail alias it is send back by sendmail with the
follwing error:

----- The following addresses had permanent fatal errors -----
|"/opt/rt/bin/rt-mailgate Test correspond"
(expanded from: rt-test@arbogaan.dkrz.de)

----- Transcript of session follows -----
sh: /opt/rt/bin/rt-mailgate: cannot execute
554 |"/opt/rt/bin/rt-mailgate Test correspond"… unknown mailer error 1

To solve this I changed the permissions of the suid-wrapper (I know that this
should be wrong):

arbogaan: /<2>bin # ls -la
total 42
dr-xr-xr-x 3 root root 512 Apr 4 17:19 ./
dr-xr-xr-x 5 root root 512 Apr 4 09:01 …/

lrwxrwxrwx 1 root other 24 Apr 4 17:19 rt-mailgate ->/opt/rt/bin/suid_wrapper*

-rwxr-xr-x 3 rt rt 7792 Apr 4 17:19 suid_wrapper*

to allow execution by others.

But than sendmail answers:

----- The following addresses had permanent fatal errors -----
|"/opt/rt/bin/rt-mailgate Test correspond"
(expanded from: rt-test@arbogaan.dkrz.de)

----- Transcript of session follows -----
Can’t locate /opt/rt/etc/config.pm in @INC (@INC contains: /usr/local/lib/perl5/5.00503/sun4-solaris /usr/local/lib/perl5/5.00503 /usr/local/lib/perl5/site_perl/5.005/sun4-solaris /usr/local/lib/perl5/site_perl/5.005 /opt/rt/lib) at /opt/rt/bin/rtmux.pl line 20.
554 |"/opt/rt/bin/rt-mailgate Test correspond"… unknown mailer error 13

This can be solved by making config.pm world readable but than the problems
continue:

----- The following addresses had permanent fatal errors -----
|"/opt/rt/bin/rt-mailgate Test correspond"
(expanded from: rt-test@arbogaan.dkrz.de)

----- Transcript of session follows -----
Could not create dir /var/rt/transactions/2000: Permission denied
554 |"/opt/rt/bin/rt-mailgate Test correspond"… unknown mailer error 13

My conclusion:
rt-mailgate isn’t executed under the right user and group (rt:rt).
How can I tell sendmail which user or group it should use ???

Can anyone help me with that ???

Thanks Rainer

Rainer Weigle - MPI fuer Meteorologie
weigle@dkrz.de
040 / 41173 - 373


#2

| -rwxr-xr-x 3 rt rt 7792 Apr 4 17:19 suid_wrapper*
±–>8

chmod u+s suid_wrapper

brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university [“better check the oblivious first” -ke6sls]


#3

Hi everyone and especially Brandon,

±----
| -rwxr-xr-x 3 rt rt 7792 Apr 4 17:19 suid_wrapper*
±–>8

chmod u+s suid_wrapper

Thanks this helped but …


brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university [“better check the oblivious first” -ke6sls]


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

only for short because if I put he stickybit on suid-wrapper the cgi scripts
(webrt.cgi and admin-webrt.cgi) also get the sticky bit and this is something
that my apache (1.3.12) doesn’t like. To be more exact the suEXEC wrapper which
it uses to start the scripts doesn’t execute scripts that have the sticky bit
set.

Anyone any ideas ??? (I don’t want to run apache as rt:rt, if I dont have to)

Thanks Rainer
Rainer Weigle - MPI fuer Meteorologie
weigle@dkrz.de
040 / 41173 - 373


#4

only for short because if I put he stickybit on suid-wrapper the cgi scripts
(webrt.cgi and admin-webrt.cgi) also get the sticky bit and this is something
that my apache (1.3.12) doesn’t like. To be more exact the suEXEC wrapper which
it uses to start the scripts doesn’t execute scripts that have the sticky bit
set.

That’s weird. I’ve never had problems with this, at least. I think it
might be something in your apache configuration.

Anyone any ideas ??? (I don’t want to run apache as rt:rt, if I dont have to)

Check the apache documentation. I think that when you start it as root,
it is possible to let it start cgis with a different user ID, but I don’t
have much insight into the configuration.

#Life ends with a crash
require ‘Coy.pm’;
&laughter while $I, die;
– Michael Schwern


#5

| only for short because if I put he stickybit on suid-wrapper the cgi
±–>8

setuid bit; sticky bit is +t, and is mostly obsolete

| suEXEC wrapper which it uses to start the scripts doesn’t execute scripts
| that have the sticky bit set.
±–>8

I run it as rt:rt…

Instead of having *.cgi be direct symlinks to suid_wrapper, try moving them
to ~rt/bin and use shell scripts which exec them for the CGI scripts.

brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university [“better check the oblivious first” -ke6sls]


#6

±----
| only for short because if I put he stickybit on suid-wrapper the cgi
±–>8

setuid bit; sticky bit is +t, and is mostly obsolete
^^^^^^^^ ;-), but your are right.

| suEXEC wrapper which it uses to start the scripts doesn’t execute scripts
| that have the sticky bit set.
±–>8

I run it as rt:rt…

Instead of having *.cgi be direct symlinks to suid_wrapper, try moving them
to ~rt/bin and use shell scripts which exec them for the CGI scripts.

I didn’t understand the hardlinks (probably because I never use them)
but now I have just created copies without the setuid bit in cgi and with the
setuid bit in bin. That seems to work !!!


brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university [“better check the oblivious first” -ke6sls]


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Thanks Rainer

Rainer Weigle - MPI fuer Meteorologie
weigle@dkrz.de
040 / 41173 - 373