Groups | Search | Server Info | Login | Register

Groups > comp.mail.sendmail > #8237

Re: praliases file permission check

From Hugo Villeneuve-Lapointe <hugo_villap@email.invalid>
Newsgroups comp.mail.sendmail
Subject Re: praliases file permission check
Date 2026-01-31 14:29 +0000
Organization A noiseless patient Spider
Message-ID <10ll3l4$2t9od$1@dont-email.me> (permalink)
References <20260130125150.06f0bcd0@ryz.dorfdsl.de>

Show all headers | View raw

On Fri, 30 Jan 2026 12:51:50 +0100, Marco Moock wrote:

> Hello!
> 
> I have a Debian unstable system to test.
> 
> I noticed that the praliases command only works if /etc/mail/aliases.db
> is globally readable.
> 
> -rw-r--r-- 1 smmta smmsp 2165 30. Jan 12:17 /etc/mail/aliases.db

Can confirm it happens to me too.

I got a Debian system with 2 aliases files defined. "praliases" works on 
the .db that is world-readable and fails on the 2nd .db that is not world-
readable.

 
[working case:]
> 
> I now used strace to track that down:
> 
> This is when it works (world readable):
> 
> root@deb-test:~# ls -la /etc/mail/aliases.db -rw-r--r-- 1 smmta smmsp
> 2165 30. Jan 12:17 /etc/mail/aliases.db root@deb-test:~# strace
> praliases 2>&1 |grep alias execve("/usr/sbin/praliases", ["praliases"],
> 0x7ffe430974f0 /* 11 vars */) = 0 newfstatat(AT_FDCWD,
> "/etc/mail/aliases.db", {st_mode=S_IFREG|0644, st_size=2165, ...}, 0) =
> 0 newfstatat(AT_FDCWD, "/etc/mail/aliases.db", {st_mode=S_IFREG|0644,
> st_size=2165, ...}, 0) = 0 openat(AT_FDCWD, "/etc/mail/aliases.db",
> O_RDONLY) = 4 openat(AT_FDCWD, "/etc/mail/aliases.db", O_RDONLY) = 5
> root@deb-test:~#
> 

[non-working case:]
> root@deb-test:~# strace praliases 2>&1 |grep alias
> execve("/usr/sbin/praliases", ["praliases"], 0x7ffde3b673e0 /* 11 vars
> */) = 0 newfstatat(AT_FDCWD, "/etc/mail/aliases.db",
> {st_mode=S_IFREG|0640, st_size=2165, ...}, 0) = 0 newfstatat(AT_FDCWD,
> "/etc/mail/aliases.db", {st_mode=S_IFREG|0640, st_size=2165, ...}, 0) =
> 0 write(2, "praliases: /etc/mail/aliases: op"..., 54praliases:
> /etc/mail/aliases: open: Permission denied root@deb-test:~#
> 
> What is the reason for that?
> 
> Which permissions does it want (I prefer only readable by the daemon's
> users) and why?


I think this is a case in which sendmail does more checks than the OS 
requires.

Experience says that root on *nix can read every file regardless of 
permissions (even files with mode 0). I'm with you with that but not 
sendmail.

My "strace" shows things similar to you. "aliases.db" is "stat()" first 
than "open()" when it works. But fails after "stat()" without "open()" in 
the failing case.


I did not debug a running binary but from Sendmail's source code, 
"safefile()" from "libsmutil/safefile.c" is called before opening a 
database file.

That "safefile()" function can actually set errno=EACCESS if it doesn't 
like something about the file permissions of a file.

Anyway, "safefile()" seems to really want the user/group of the running 
Sendmail program to have read access as one of the owner/group/other of 
the target file. And checks against information returned by "stat()".



As a solution and I don't know if it breaks anything:

you can add "root" to the group "smmsp" in /etc/group to make "praliases" 
work.


Is adding a additional group to the "root" user is dangerous though? (It's 
actually quite common on BSD, but all my Debian derived Linux have no 
additional groups for root.)

I don't care enough about "praliases" to run a system in this 
configuration for weeks to figure out potential issues.


Good luck, maybe others can chip in. Or may have beter understanding of 
the Sendmail code.


-- 
Hugo Villeneuve-Lapointe

Back to comp.mail.sendmail | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

praliases file permission check Marco Moock <mm@dorfdsl.de> - 2026-01-30 12:51 +0100
  Re: praliases file permission check jayjwa <jayjwa@atr2.ath.cx.invalid> - 2026-01-30 14:15 -0500
    Re: praliases file permission check Marco Moock <mm@dorfdsl.de> - 2026-01-30 20:53 +0100
      Re: praliases file permission check jayjwa <jayjwa@atr2.ath.cx.invalid> - 2026-01-31 11:26 -0500
        Re: praliases file permission check Marco Moock <mm@dorfdsl.de> - 2026-01-31 22:10 +0100
          Re: praliases file permission check Hugo Villeneuve-Lapointe <hugo_villap@email.invalid> - 2026-01-31 22:42 +0000
  Re: praliases file permission check Hugo Villeneuve-Lapointe <hugo_villap@email.invalid> - 2026-01-31 14:29 +0000
    Re: praliases file permission check kalevi@kolttonen.fi (Kalevi Kolttonen) - 2026-01-31 19:28 +0000
      Re: praliases file permission check Marco Moock <mm@dorfdsl.de> - 2026-01-31 22:06 +0100
        Re: praliases file permission check kalevi@kolttonen.fi (Kalevi Kolttonen) - 2026-01-31 23:24 +0000
          Re: praliases file permission check kalevi@kolttonen.fi (Kalevi Kolttonen) - 2026-01-31 23:30 +0000
    Re: praliases file permission check Hugo Villeneuve-Lapointe <hugo_villap@email.invalid> - 2026-01-31 22:55 +0000

csiph-web