:: Re: [DNG] How stable Is beowulf? Ho…
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MOlaf Meeuwissen at <-
MThierry B. at ->
Delete this message
Reply to this message
Author: Haines Brown
Date:  
To: dng
Subject: Re: [DNG] How stable Is beowulf? How to upgrade from ascii?
On Sat, Nov 09, 2019 at 09:06:04AM +0900, Olaf Meeuwissen wrote:
> Hi Haines,
>
> Haines Brown writes:
>
> > However, there was a glitch I do not understand. I could not get SMTP
> > authentication (I'm running exim4 and mutt). Turned out that exim
> > could not read my etc/eximr4/passwd.client file. Its ownership and
> > permissinons were
> >
> > -rw-r----- 1 root saned 653 Oct 29 12:17 passwd.client
>
> I would have expected this file to have group Debian-exim (or mail), not
> saned which is normally used for a scanner server.
>
> Please check the access and ownership of /etc/eximr4 and files in it.
> 
>   ls -ld /etc/eximr4        # for the directory itself
>   ls -l /etc/eximr4         # for the files in it

>
> Then use the chgrp and chmod utilities to fix things up.

$ ls -ld /etc/exim4
drwxr-xr-x 3 root root 4096 Oct 29 12:17 /etc/exim4

$ ls -l /etc/exim4
total 92
drwxr-xr-x 9 root root 4096 Jul 25 16:44 conf.d
-rw-r--r-- 1 root root 79161 Jul 20 07:35 exim4.conf.template
-rw-r--r-- 1 root saned 653 Oct 29 12:17 passwd.client
-rw-r--r-- 1 root root 1067 Oct 29 11:00 update-exim4.conf.conf

> > I recovered an ability to send e-mal by changing the permission to
> >
> > -rw-r--r--
>
> This is probably a very Bad Thing. Everyone can now read your password
> file :-o

I know it's a Bad Thing, but was desperate to recover e-mail so I
could resolve the problem. I find that an old machine running Debian
4.9.110-1 the ownership of passwd.client was root:Debian-exim. So I
put user into the Debian-exim group, returned the permissions for
passwd.client to 620, and gave ownwership of the file to
root:Debian-exim. Now I have:

$ ls -la /etc/exim4/ | grep passwd.client
-rw-r----- 1 root Debian-exim 653 Oct 29 12:17 passwd.client

The real issue seems to be that when I installed Deuan Ascii as
expert and then upgraded to Beowulf user was not automatically put
into Debian-exim group and passwd.client waa given root:saned
ownership. I don't see how a misttake made during installation could
possibly have led to that result.

> > If user is in saned group, shouldn't the user running exim be able to
> > get SMTP authentication by reading passwd.client?
>
> Only if that user can also read the content of the directory in the
> first place. For that it needs r-x on the directory.

Ah, right. Of course.

> # I vaguely remember that only --x is sufficient but am no longer sure
> # (and too lazy to check ;-)

Just checked. I created a test-c directory containing a file
named "test": 

$ ls -la | grep test-c
d--x--x--x  2 root haines    4096 Nov  9 06:13 test-c


I am able to edit and save the "test" file with these ownerships and
permissions of its parent. 

> Hope this helps,
> --
> Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27

Yes, it certainly did. Thank you. The problem remains, however,
concerning how an installation could assign saned to be owner of
passwe.client. Not sure, but suspect that an automated installation of
Ascii with a destkop on another drive got things right, but can't
best because I never set up e-mail for that drive.

Haines Brown
This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] Why is spamassasin compiling here?Re: [DNG] Insane defaults on Raspberry Pi images - How to fix corruption/dataloss->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)