| From | jayjwa <jayjwa@atr2.ath.cx.invalid> |
|---|---|
| Newsgroups | comp.mail.sendmail |
| Subject | Re: praliases file permission check |
| Date | 2026-01-30 14:15 -0500 |
| Organization | atr2net 2026 |
| Message-ID | <87343mj4j8.fsf@atr2.ath.cx> |
| References | <20260130125150.06f0bcd0@ryz.dorfdsl.de> |

Marco Moock <mm@dorfdsl.de> writes:

> I noticed that the praliases command only works if
> /etc/mail/aliases.db is globally readable.

On Slackware, all my .db are root-only, but some of the files that make
them are world readable. Sendmail is using the .db files.

> -rw-r--r-- 1 smmta smmsp 2165 30. Jan 12:17 /etc/mail/aliases.db

ls -l /etc/mail/{aliases,*.db}
-rw-r----- 1 root root 12288 Nov 15 2024 /etc/mail/access.db
-rw-r--r-- 1 root root 800 Oct 17 2023 /etc/mail/aliases
-rw-r----- 1 root root 12288 Oct 17 2023 /etc/mail/aliases.db
-rw-r----- 1 root root 12288 Mar 19 2022 /etc/mail/authinfo.db
-rw-r----- 1 root root 12288 Apr 14 2022 /etc/mail/domaintable.db
-rw-r----- 1 root root 12288 Apr 25 2024 /etc/mail/mailertable.db
-rw-r----- 1 root root 12288 Apr 25 2024 /etc/mail/uudomain.db
-rw-r----- 1 root root 12288 Jan 9 2018 /etc/mail/virtusertable.db

> exe="/usr/libexec/sendmail/praliases" subj=unconfined key="aliases"

Sendmail in libexec? Debian sure does it weird.

> type=SYSCALL msg=audit(1769773585.836:438): arch=c000003e syscall=257
> success=yes exit=5 a0=ffffffffffffff9c a1=7fff4dace1f0 a2=0 a3=0
> items=1 ppid=4200 pid=4203 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="praliases"
> exe="/usr/libexec/sendmail/praliases" subj=unconfined key="aliases"
>
> Which lets me assume the access is being done by root.
>
> root@deb-test:~# strace praliases 2>&1 |grep alias
> execve("/usr/sbin/praliases", ["praliases"], 0x7ffde3b673e0 /* 11 vars */) = 0
> newfstatat(AT_FDCWD, "/etc/mail/aliases.db", {st_mode=S_IFREG|0640,
> st_size=2165, ...}, 0) = 0
> newfstatat(AT_FDCWD, "/etc/mail/aliases.db", {st_mode=S_IFREG|0640,
> st_size=2165, ...}, 0) = 0
> write(2, "praliases: /etc/mail/aliases: op"..., 54praliases:
> /etc/mail/aliases: open: Permission denied
> root@deb-test:~#
>
> What is the reason for that?

Is your praliases setuid/setgid to something? My user can't "praliases"
but root can.

--
PGP Key ID: 781C A3E2 C6ED 70A6 B356 7AF5 B510 542E D460 5CAE
"The Internet should always be the Wild West!"