Can't compile virtualuser.db

Posted on 2004-04-18
Last Modified: 2013-12-17

When I try to start sendmail I get this error:

ns1:/etc/mail # service sendmail restart
Shutting down sendmail: [  OK  ]
Shutting down sm-client: [  OK  ]
Starting sendmail: makemap: error opening type hash map virtusertable.db: Permission denied
make: *** [virtusertable.db] Error 73
[  OK  ]
Starting sm-client: [  OK  ]

How can I fix this?  If I run make from the command line trying to use DBM I get:

makemap: Need to recompile with -DNDBM for dbm support

How can I fix this?  Thanks.

Question by:ingenito
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
LVL 40

Expert Comment

ID: 10856619
Typically the command to build the virtusertable map from the flat file would be:

makemap hash /etc/mail/virtusertable >/etc/mail/virtusertable

Is that what you tried?

Also does 'ls -l /etc/mail/virtusertable return results like:

-rw-r--r--    1 root     root        48929 Apr 17 21:00 /etc/mail/virtusertable
-rw-r-----    1 cyrus    root        81920 Apr 17 21:00 /etc/mail/virtusertable.db

Author Comment

ID: 10859752

When I run the makemap command I get this error:

ns1:/etc/mail # makemap hash /etc/mail/virtusertable >/etc/mail/virtusertable2
makemap: error opening type hash map /etc/mail/virtusertable: Permission denied

The permissions on the files look like this:

ns1:/etc/mail # dir virtuser*    
-rw-r--r--    1 smmsp    mail            0 Apr 16 14:27 virtusertable
-rw-r--r--    1 smmsp    mail        12288 Sep 24  2003 virtusertable.db

LVL 40

Expert Comment

ID: 10861368
That sort of sounds like a problem with makemap or Berkely DB.

I'm going to guess that this is a RedHat system or something similar. Accordingly I'd like to know what 'rpm --verify sendmail' shows. Assuming it is a recent version I'd also like to know what rpm --verify db4' shows.
Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.


Author Comment

ID: 10861823
Here you go:

ns1:/etc/mail # rpm --verify sendmail
SM5..UGT c /etc/aliases
.M...UG.   /etc/mail
.....UG. c /etc/mail/Makefile
.....UG. c /etc/mail/access
.....UG. c /etc/mail/domaintable
.....UG. c /etc/mail/helpfile
S.5..UGT c /etc/mail/local-host-names
.....UG. c /etc/mail/mailertable
S.5....T c /etc/mail/
S.5..UGT c /etc/mail/
SM5..UGT c /etc/mail/statistics
SM5..UGT c /etc/mail/
.....UG. c /etc/mail/
.....UG. c /etc/mail/trusted-users
.....UGT c /etc/mail/virtusertable
.M......   /usr/sbin/sendmail.sendmail
.M...U..   /var/spool/mqueue
ns1:/etc/mail # rpm --verify db4
ns1:/etc/mail #

Looks like db4 is a problem. Can I install this through up2date?  Thanks

Author Comment

ID: 10862136
I tried this as well:

ns1:/etc/mail # up2date --install db4

Fetching package list for channel: redhat-linux-i386-9...

Fetching Obsoletes list for channel: redhat-linux-i386-9...

Fetching rpm headers...

The following packages you requested are already updated:
LVL 40

Expert Comment

ID: 10862307
That all looks okay, except that the change in mode for /usr/sbin/sendmail.sendmail and the change in mode/user for /var/spool/mqueue are supicious. Could I see what 'ls -l /usr/sbin/sendmail.sendmail' and 'ls -ld /var/spool/mqueue' shows?

Also I'd like to see what happens if you execute '/usr/bin/makemap hash /etc/mail/virtusertable >/etc/mail/virtusertable'. Type that command in exactly and if it succeeds  I'd like to know what 'type makemap' shows.

Author Comment

ID: 10862912
ns1:/etc # ls -l /usr/sbin/sendmail.sendmail
-r-sr-sr-x    1 root     smmsp      663232 Sep 17  2003 /usr/sbin/sendmail.sendmail
ns1:/etc # ls -ld /var/spool/mqueue
drwxrwx---    2 smmsp    mail        45056 Apr 19 15:10 /var/spool/mqueue
ns1:/etc # /usr/bin/makemap hash /etc/mail/virtusertable >/etc/mail/virtusertable
makemap: error opening type hash map /etc/mail/virtusertable: Permission denied

LVL 40

Expert Comment

ID: 10863592
Those are unsafe permissions for sendmail and it should look like:

-rwxr-sr-x    1 root     smmsp      733888 Sep 18  2003 /usr/sbin/sendmail.sendmail

In a like manner the perms on /var/spool/mqueue should look like:

drwx------    2 root     mail         4096 Apr 19 04:02 /var/spool/mqueue/

The question now is how did they get like that?

What does 'ldd /usr/bin/makemap | grep libdb' show?

Author Comment

ID: 10863834
Well those permissions were my fault.  I was trying to make sendmail not run as root.  Is it safe to have sendmail running as root?  Anyway, that is the reason for the wierd permissions, I will change them.  Here is the result of the ldd command:

ns1:/etc/mail # ldd /usr/bin/makemap | grep libdb => /lib/ (0x4001a000)

Thanks for your patience.  I am semi-new to linux.  Been with Windows all my life.
LVL 40

Accepted Solution

jlevie earned 125 total points
ID: 10864790
Sendmail 8.12 is safe to run as root and must do so to be able to deliver mail to a user's inbox. The risk in prior versions of sendmail was in invoking sendmail directly to send mail form accounts or applications on the system. That risk has been eliminated in 8.12 with the separation of the Mail Transport Agent (MTA) and Message Submission Program (MSP) functions. There's now a separate process the (MSP) that applications and local users employ to send mail.

The permoissions and ownership need to be returned to what they were orginally. That can be done by comparing what you have now with a stock system, or by simply re-installing Sendmail.

Author Comment

ID: 10868786

I changed those permissions to the same that you have.  Thanks.  Have you any idea about the makemap problem?

Author Comment

ID: 10872823

I seemed to have fixed the problem by making my /etc/mail directory look like this:

ns1:/etc/mail # dir
total 388
drwxr-xr-x    2 smmsp    mail         4096 Apr 20 16:49 .

So now it is group and other readable and execuatble.  Once I changed this I was able to compile the hash virtusertable.

Thanks for your help jlevie.

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question