Filer Admins,
We have unix home directories on our filer. We just noticed today that sendmail reports that the .forward files are in a "World writable directory" and that the user directory is "unsafe directory path, marked unsafe". (These are sendmail errors - I'm at LogLevel=99 for sendmail).
Then the mail is delivered locally to the box as opposed to forwarded.
Now, my directories are not world writeable! So, I'm wondering what permissions aren't being read correctly. I can fix sendmail by changing the sendmail.cf to include "DontBlameSendmail=forwardfileinunsafedirpath", but am interested in the underlying issues here.
We are running different versions of sendmail. The host that I've been testing on is running 8.11.6
Any insight would be appreciated.
Thanks,
Jim Surlow Billing & Customer Care Lucent Technologies
On Wed, Feb 06, 2002 at 05:18:45PM -0700, Surlow, Jim wrote:
> Filer Admins,
> We have unix home directories on our filer. We just noticed today that sendmail reports that the .forward files are in a "World writable directory" and that the user directory is "unsafe directory path, marked unsafe". (These are sendmail errors - I'm at LogLevel=99 for sendmail).
> Then the mail is delivered locally to the box as opposed to forwarded.
> Now, my directories are not world writeable! So, I'm wondering what permissions aren't being read correctly. I can fix sendmail by changing the sendmail.cf to include "DontBlameSendmail=forwardfileinunsafedirpath", but am interested in the underlying issues here.
> We are running different versions of sendmail. The host that I've been testing on is running 8.11.6
> Any insight would be appreciated.
> Thanks,
> Jim Surlow Billing & Customer Care Lucent Technologies
One of the things I can suggest is to move the .forward files out of the users' home dir into a special dir on the mail server. This also prevents issues in case the home is not available (I had that issue several times at SGI, even though this wasn't on a NetApp).
The option to this is:
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
Either build new sendmail.cf from m4 files or edit it directly.
Another benefit of putting all the .forwards in one directory is that the mail server doesn't have to mount every home directory for broadcast mails. We had problems when sending out email to hundreds of folks when the mail server had to check each home directory for a .forward. If you have a limited number of users this won't bite you but with over 1000 entries in our passwd file we took a hit every time a large broadcast would happen.
C-
On Wed, Feb 06, 2002 at 04:49:48PM -0800, Ulf Zimmermann wrote:
> On Wed, Feb 06, 2002 at 05:18:45PM -0700, Surlow, Jim wrote:
> > Filer Admins,
> > We have unix home directories on our filer. We just noticed today that sendmail reports that the .forward files are in a "World writable directory" and that the user directory is "unsafe directory path, marked unsafe". (These are sendmail errors - I'm at LogLevel=99 for sendmail).
> > Then the mail is delivered locally to the box as opposed to forwarded.
> > Now, my directories are not world writeable! So, I'm wondering what permissions aren't being read correctly. I can fix sendmail by changing the sendmail.cf to include "DontBlameSendmail=forwardfileinunsafedirpath", but am interested in the underlying issues here.
> > We are running different versions of sendmail. The host that I've been testing on is running 8.11.6
> > Any insight would be appreciated.
> > Thanks,
> > Jim Surlow Billing & Customer Care Lucent Technologies
> One of the things I can suggest is to move the .forward files out of the users' home dir into a special dir on the mail server. This also prevents issues in case the home is not available (I had that issue several times at SGI, even though this wasn't on a NetApp).
> The option to this is:
> # Forward file search path
> O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
> Either build new sendmail.cf from m4 files or edit it directly.
> -- Regards, Ulf.
> Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 You can find my resume at: http://seven.Alameda.net/~ulf/resume.html
> We have unix home directories on our filer. We just noticed today that sendmail reports that the .forward files are in a "World writable directory" and that the user directory is "unsafe directory path, marked unsafe". (These are sendmail errors - I'm at LogLevel=99 for sendmail).
> Then the mail is delivered locally to the box as opposed to forwarded.
> Now, my directories are not world writeable! So, I'm wondering what permissions aren't being read correctly. . . .
We've run into this problem when users have set or changed the permissions on their Unix home directory from a Windows client. Some of the complicated Windows permissions get represented to Unix (NFS) clients as "rwxrwxrwx", even though the more restrictive Windows permissions are enforced when a Unix client tries to access them.
It might be "better" if Unix sendmail actually tried to make the access it's checking for, rather than just looking at the permissions, but of course it's not really fair to expect an NFS client to know about those hidden Windows permissions.
What we do here is to set up the majority of users with their Windows homedirs as a subdirectory (~username/nt) of their Unix homedirs. Folks who are a little more savvy about multi-platform access can have their Windows homedirs be the same as their top-level Unix homedirs, and if they mess up their homedir permissions, they have to live with the consequences.
Moving the .forward files to an alternate location is a nice idea, although I'd be concerned about this approach making it difficult for users to access their own .forward files. E.g. we would rather not provide login nor remote (NFS) access to our mail server. But even if we did so, putting all users' .forward's in a single directory makes security and accessibility pretty challenging. How are you folks solving that issue?
Regards,
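
The mode-bit view described in the last reply can be checked from the mail host by walking the path above a user's .forward and listing every directory that shows world write to this client. This is an added example, not part of the original thread and not sendmail's own code; `world_writable`, `unsafe_dirs`, its optional TOP argument and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not sendmail's code: list the directories above a .forward
# file whose mode bits, as this (NFS) client sees them, include world write.
# Like the check discussed in the thread, it looks at mode bits only.

# Return 0 if DIR shows the "other" write bit in its ls -ld mode string.
world_writable() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        d???????w?) return 0 ;;   # 9th character is other-write
        *)          return 1 ;;
    esac
}

# Print every world-writable directory from FILE's directory up to TOP
# (default /). TOP is a hypothetical parameter, e.g. the filer mount point.
unsafe_dirs() {
    top=${2:-/}
    dir=$(cd -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 2
    while :; do
        if world_writable "$dir"; then printf '%s\n' "$dir"; fi
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    return 0
}

# Constructed sample tree: alice's home shows rwxrwxrwx, bob's rwxr-xr-x.
demo() {
    root=$(cd -- "$(mktemp -d)" && pwd -P)
    mkdir -p "$root/home/alice" "$root/home/bob"
    chmod 755 "$root" "$root/home" "$root/home/bob"
    chmod 777 "$root/home/alice"
    : > "$root/home/alice/.forward"
    : > "$root/home/bob/.forward"
    for u in alice bob; do
        hits=$(unsafe_dirs "$root/home/$u/.forward" "$root")
        printf '%s: %s\n' "$u" "${hits:-no world-writable directory in path}"
    done
    rm -rf -- "$root"
}
demo
```

Run against real home directories on the mail host, any path it prints is one whose permissions should be compared with what the filer actually enforces before relaxing DontBlameSendmail.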