NetBSD Problem Report #46790
From mw@fenrir.wzff.de Thu Aug 9 22:50:21 2012
Return-Path: <mw@fenrir.wzff.de>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 19D8D63B85F
for <gnats-bugs@gnats.NetBSD.org>; Thu, 9 Aug 2012 22:50:21 +0000 (UTC)
Message-Id: <20120809225003.00241EEA4F0@fenrir.wzff.de>
Date: Fri, 10 Aug 2012 00:50:02 +0200 (CEST)
From: Moritz Wilhelmy <mw@wzff.de>
Reply-To: Moritz Wilhelmy <mw@wzff.de>
To: gnats-bugs@gnats.NetBSD.org
Subject: Error delivering mails to msgs(1)
X-Send-Pr-Version: 3.95
>Number: 46790
>Category: bin
>Synopsis: Error delivering mails to msgs(1)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Aug 09 22:55:00 +0000 2012
>Last-Modified: Tue Nov 19 22:25:00 +0000 2013
>Originator: Moritz Wilhelmy
>Release: NetBSD 6.0_BETA2
>Organization:
Fictional Enterprises Ltd
>Environment:
System: NetBSD fenrir.wzff.de 6.0_BETA2 NetBSD 6.0_BETA2 (GENERIC) i386
Architecture: i386
Machine: i386
>Description:
After enabling msgs in /etc/aliases as described within the file and
running newaliases
% tail -2 /etc/mail/aliases
# uncomment this for msgs(1):
msgs: "|/usr/bin/msgs -s"
I get the following error in /var/log/maillog:
Aug 10 00:37:05 fenrir postfix/local[380]: 961C6EEA4A7: to=<msgs@fenrir.wzff.de>, orig_to=<msgs>, relay=local, delay=0.37, delays=0.2/0.09/0/0.08, dsn=5.3.0, status=bounced (Command died with status 13: "/usr/bin/msgs -s". Command output: /var/msgs/bounds: Permission denied )
>How-To-Repeat:
>Fix:
Either document how msgs should be invoked and refer to the documentation from /etc/aliases
or set correct permissions on the /var/msgs/bounds file at installation time.
>Audit-Trail:
From: neitzel@marshlabs.gaertner.de
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/46790
Date: Tue, 19 Nov 2013 23:15:14 +0100
[msgs(1), the web-2.0 from the 80ies which NetBSD manages to break
every six years :-)]
I considered "postconf default_privs=daemon" to be an appropriate
fix in my environment, but that may not be approriate for everybody.
So I suggest a comment in the default aliases file pointing out that
further action is required. My patch below may be a tad too verbose,
feel free to shorten it at your discretion.
Martin
Index: aliases
===================================================================
RCS file: /cvsroot/src/etc/aliases,v
retrieving revision 1.22
diff -u -r1.22 aliases
--- aliases 25 Aug 2010 15:38:44 -0000 1.22
+++ aliases 19 Nov 2013 21:55:44 -0000
@@ -54,3 +54,22 @@
# uncomment this for msgs(1):
# msgs: "|/usr/bin/msgs -s"
+
+# Please note for such "|program" destinations:
+#
+# NetBSD's previous default MTA, Allmann's/ISC's "sendmail" package,
+# executed such programs as user "daemon", while the current default
+# MTA "postfix" uses the user "nobody" instead (see local(8), section
+# "DELIVERY RIGHTS").
+#
+# The msgs(1) spool is adjusted to the "daemon" setting; it will work
+# out of the with the ("package") sendmail MTA but not with the default
+# postfix. You NEED to make an informed policy decision here.
+# You could either just
+#
+# # postconf default_privs=daemon
+#
+# affecting all(!) program destinations in this aliases(5) file,
+# or employ something such as "sudo" or other setuid/gid solutions tailored
+# to individual "|program" destinations. (Whatever you do, *don't* just
+# make /var/msgs{,/bounds} writable for "nobody", i.e. the world.)
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.