On Fri Apr 12, 2002 at 08:37:24AM -0400, Oden Eriksson wrote: [...]
> > No, msec doesn't change files/directories under /var, it only changes
> > /var itself.
> >
> > That's very strange that msec breaks qmail as I remember Vincent has
> > done tests and that was ok. Vincent ?
> >
>
> I use:
>
> exec setuidgid qmaill multilog t /var/log/pop3d
> exec setuidgid qmaill multilog t /var/log/qmail
> exec setuidgid qmaill multilog t /var/log/smtpd

Yes, this would do it. Take a look at /usr/share/msec/perm.3, for example. It directly changes ownership of /var/log/* to root.root(755)... level 2 uses root.adm(755). The directories below /var/log, i.e. /var/log/*/* are set to current user with mode 640. This is why /var/log/pop3d would cause problems whereas /var/log/qmail/pop3d would not.

An exception could be (should be) made so that /var/log/qmail is set to current perms instead of changing because root.root is still wrong (should be qmaill.root).

> Where vdanen uses something like:
>
> exec setuidgid qmaill multilog t /var/log/qmail/pop3d
> exec setuidgid qmaill multilog t /var/log/qmail/qmqpd
> exec setuidgid qmaill multilog t /var/log/qmail
> exec setuidgid qmaill multilog t /var/log/qmail/smtpd
>
> At the time my problems arose, either the dir perm, or the dir content perm
> was forcibly changed by msec. I can't recall exactly which one of these, it may
> even be so that both were altered... I don't really care now since I have
> started to use:
>
> exec setuidgid qmaill multilog t ./main

So you log to /var/run/supervise/qmail-pop3d/main? Ala djbdns... =)

> This way is "msec safe" :)
>
> I think I have reported about this quite some time ago. msec could have
> changed its behaviour since then, but I don't have the time to test.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import"
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD

Current Linux kernel 2.4.18-6mdk uptime: 4 days 12 hours 34 minutes.
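The rule described in the message above (direct children of /var/log get their ownership reset, deeper directories keep their current owner) can be checked against daemontools log run scripts before msec is enabled. This is an added example, not part of the original thread and not msec's own code; the function names `classify_logdir` and `audit_run_script` are hypothetical, and the classification follows the message's description of perm.3 rather than the file itself.

```shell
#!/bin/sh
# Classify a multilog target directory by how the message says perm.3 treats it:
#   reset   - direct child of /var/log, ownership forced to root.root (755)
#   kept    - deeper under /var/log, current owner preserved
#   outside - anything else, e.g. ./main under the supervise directory
classify_logdir() {
    p=${1%/}                      # ignore one trailing slash
    case "$p" in
        /var/log/*/*) echo kept ;;
        /var/log/?*)  echo reset ;;
        *)            echo outside ;;
    esac
}

# Read run-script text on stdin and print "USER DIR CLASS" for every
# "setuidgid USER multilog ... DIR" line. Assumes space-separated words
# with the log directory as the last word on the line.
audit_run_script() {
    while read -r line || [ -n "$line" ]; do
        case "$line" in
            *"setuidgid "*" multilog "*) ;;
            *) continue ;;
        esac
        rest=${line#*setuidgid }
        user=${rest%% *}
        dir=${line##* }
        printf '%s %s %s\n' "$user" "$dir" "$(classify_logdir "$dir")"
    done
}

# Demo on the three layouts quoted in the thread.
audit_run_script <<'EOF'
exec setuidgid qmaill multilog t /var/log/pop3d
exec setuidgid qmaill multilog t /var/log/qmail/pop3d
exec setuidgid qmaill multilog t ./main
EOF
```

Any line reported as `reset` names a directory that a non-root log user such as qmaill would lose write access to once ownership becomes root.root with mode 755.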
