RE: Alias0 unsafe map file

Tue, 5 Oct 1999 08:57:02 -0700 

Joel,

This is caused by the Gauntlet is running sendmail as uucp while retaining
the
older sendmail.cf.  When the Solaris sendmail patch 105395-06 is installed
the newer /usr/lib/sendmail
(version 8.8.8) complains about two things: 
        1. not having a fully qualified hostname - either replace the
/etc/mail/sendmail.cf file
        with a more appropriate one, or edit it and add the line
                Dj$w.$P
        after the "Ok to manually edit" line that puts 
                Dj$w
        in the file.
        2. sendmail now complains if root doesn't own the /etc/mail
directory and the files
        it will use in that directory, e.g. sendmail.cf and aliases. - If
you're using the newer
        sendmail.cf that came with the patch, try setting "O
RunAsUser=uucp".  Alternatively,
        you can give root ownership of /etc/mail and all it's files, remove
the link between
        /usr/bin/newliases and /usr/lib/sendmail, and copy /usr/lib/sendmail
to /usr/bin/newaliases,
        as a root owned, non-suid program, e.g.:
                rm /usr/bin/newaliases
                cp /usr/lib/sendmail /usr/bin/newaliases
                chmod 555 /usr/bin/newaliases   
                chown root:bin /usr/bin/newaliases
        Now you can only run newaliases as root, but the Gauntlet
administration program shouldn't complain.
                
        Frank

> -----Original Message-----
> From: W Joel Gridley [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, October 05, 1999 1:29 AM
> To:   Les Diefenbach; [EMAIL PROTECTED]
> Subject:      Re: Alias0 unsafe map file
> 
> Yes, could someone please answer Mr. Diefenbach? He has
> asked this question before, and I was dissappointed to see
> that no one answered, as I am also having issues regarding this.
> 
> At 10:11 AM 10/4/99 -0500, Les Diefenbach wrote:
> >I'm running Gauntlet 5.0 on Solaris 2.6 and when I give the newaliases
> command 
> >I get the following error:
> >
> ># newaliases
> >WARNING: local host name (hades) is not qualified; fix $j in config file
> >dbm map "Alias0": unsafe map file /etc/mail/aliases
> >WARNING: cannot open alias database /etc/mail/aliases
> >Cannot create database for alias file /etc/mail/aliases: No such device
> ># 
> >
> >I want to add an alias for firewalladmin in the alias file to send
> >mail to my real email address. Right now, the messages are bouncing
> because
> >firewalladmin is a unknown user.
> >
> >Permissions are as follows:
> >
> >drwxr-xr-x   2 bin      mail         512 Oct  4 09:04 .
> >drwxr-xr-x  28 root     sys         4096 Oct  4 09:06 ..
> >-r--r--r--   1 root     root          94 Apr 14 08:32 .MAP
> >-r--r--r--   1 root     other         94 Sep 23 10:01 .MAP.PRE5.0
> >-rw-r--r--   1 bin      bin          153 Sep 22 10:51 Mail.rc
> >-rw-r--r--   1 uucp     root        1013 Oct  4 09:21 aliases
> >-rwxr-xr-x   1 uucp     other       1201 Sep 23 10:01 aliases.PRE5.0
> >-rwxr-xr-x   1 uucp     root           0 Sep 22 11:03 aliases.dir
> >-rw-r--r--   1 uucp     root        1011 Oct  4 08:57 aliases.old
> >-rwxr-xr-x   1 uucp     root        1024 Sep 22 11:03 aliases.pag
> >-rw-r--r--   1 bin      bin         1829 Sep 22 10:37 mailx.rc
> >-r--r--r--   1 bin      bin        11973 Sep 22 10:37 main.cf
> >-rwxr-xr-x   1 root     other      26865 Sep 22 11:29 main.cf.new
> >-rw-r--r--   1 root     root       15285 Oct  4 09:26 sendmail.cf
> >-r--r--r--   1 root     other      27176 Sep 23 10:01 sendmail.cf.PRE5.0
> >-rw-r--r--   1 root     root       15285 Oct  4 08:57 sendmail.cf.old
> >-rw-r--r--   1 root     bin         4911 Sep 21 03:37 sendmail.hf
> >-rw-r--r--   1 root     root          32 Sep 22 11:43 sendmail.pid
> >-r--r--r--   1 bin      bin         9197 Sep 22 10:37 subsidiary.cf
> >-rwxr-xr-x   1 root     other      27176 Sep 22 11:29 subsidiary.cf.new
> >
> >
> >/usr/lib/sendmail permissions are as follows:
> >
> >
> >-rwsr-xr-x   1 uucp     bin       346984 Sep 21 03:37 /usr/lib/sendmail
> >
> >
> >--
> >Thanks  Les
> >==================================================================
> >Computer Sciences Corporation
> >[EMAIL PROTECTED]
> >
> >"As a matter of fact, I do have a plan - and it's so cunning,
> >you could put a tail on it and call it a weasel."
> >==================================================================
> >
> >-
> 
> 
> 
> 
> Joel Gridley, CCNA                       "Be the packet."
> Network Security/Firewall Specialist
> GTE Internetworking, "Powered by BBN."
> Burlington, MA
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to