Solved

More RH6.2 wierdness.

Posted on 2000-05-17
9
201 Views
Last Modified: 2013-12-15
May 17 21:19:59 gatekeeper ipop3d[5222]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection

Resetting the perms to 1777 works, but after a random time, this error is back. With no clue in the logs as to what has changed :-/
0
Comment
Question by:j2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2819965
When the warning shows up again, what are the perms on /var/spool/mail?
0
 
LVL 12

Author Comment

by:j2
ID: 2839074
[root@gatekeeper /root]# ls -la /var/spool/                
total 44
drwxr-xr-x   11 root     root         4096 May 10 12:39 .
drwxr-xr-x   18 root     root         4096 Mar 31 15:34 ..
drwxr-xr-x    2 root     root         4096 May  1 04:42 anacron
drwx------    3 daemon   daemon       4096 Mar 31 15:29 at
drwx------    2 root     root         4096 May 17 22:01 cron
drwxrwxr-x    2 root     daemon       4096 Mar 31 15:40 lpd
drwxrwxr-x    2 root     mail         4096 May 23 18:03 mail
drwxr-xr-x    2 root     root         4096 May 23 18:03 mqueue
drwxr-xr-x    2 root     root         4096 Feb  7 21:20 rwho
drwxr--r--   18 squid    squid        4096 May 21 04:02 squid
drwxr-xr-x    5 root     root         4096 May 10 12:39 vmail
[root@gatekeeper /root]# ls -la /var/spool/mail/
total 76
drwxrwxr-x    2 root     mail         4096 May 23 18:03 .
drwxr-xr-x   11 root     root         4096 May 10 12:39 ..
-rw-------    1 aslin    popusers     2051 May 23 16:32 aslin
-rwxrwxrwt    1 chand    popusers      559 May 23 14:41 chand
-rwxrwxrwt    1 hajan    popusers      559 May 19 12:10 hajan
-rw-rw----    1 lebun    mail          559 May 23 16:46 lebun
-rwxrwxrwt    1 makje    mail          559 May 23 13:30 makje
-rwxrwxrwt    1 mikje    popusers      559 May 23 15:28 mikje
-rw-------    1 mikoh    popusers      559 May 23 10:55 mikoh
-rw-------    1 motho    popusers     3805 May 23 18:03 motho
-rwxrwxrwt    1 padah    popusers     1820 May 19 09:29 padah
-rw-------    1 root     root         3522 May 23 04:00 root
-rw-------    1 stgus    popusers      559 May 22 08:54 stgus
-rwxrwxrwt    1 vatim    popusers      559 May 18 14:29 vatim
-rwxrwxrwt    1 wmjajoa  wmjajoa     16853 May 17 22:00 wmjajoa
[root@gatekeeper /root]#


Found something, the perms goes to heck when a new spoolfile is created, AND it looks related to using the "stock" linuxconf on a RH system, will compare the Two linuxconfs configs and see if i can see something
0
 
LVL 12

Author Comment

by:j2
ID: 2864541
Found it. Its because i am using the "stock" Linuxconf and not the RH version. Whats the mask 1777 when expressing it as:
[X] May read                  xx        
                            x       x[X] May write                 xx        
                            x       x[X] May execute               xx        
                            xGroup  x[X] May read                  xx        
                            x       x[X] May write                 xx        
                            x       x[X] May execute               xx        
                            xOthers x[X] May read                  xx        
                            x       x[ ] May write                 xx        
                            x       x[X] May execute               xx        
                            x       xqqqqqqqqSpecial flagsqqqqqqqqqxx        
                            x       x[ ] Setuid flag               xx        
                            x       x[ ] Setgid flag               xx        
                            x       x[X] Restriction on directory  xx        
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 40

Accepted Solution

by:
jlevie earned 10 total points
ID: 2868124
The "sticky bit" 1000 would be the "Restriction on directory" setting above. Having all options except "Setuid flag" and "Setgid flag" selected should yield a mode of 1777.
0
 
LVL 12

Author Comment

by:j2
ID: 2868151
And right you are :)

Ive been over every manpage on chmod et. al. to find a bitmaping over the permissions but came up blank.
0
 
LVL 12

Author Comment

by:j2
ID: 2868158
Comment accepted as answer
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2871561
The man page you need is "man 2 chmod" and the bit of interest is S_ISVTX (01000 sticky bit).
0
 
LVL 12

Author Comment

by:j2
ID: 2871574
Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you.

THAT is something i did not know :)
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2872597
You're welcome... Glad to add to the general knowledge base...
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question