Manuel Schneider wrote: >>>> Is this an SELinux enabled host? >>> no, but an openvz-container. >> What are the permissions on /usr/bin/sendmail? It should be setuid >> root, and probably isn't. > > thx for the hint. I have already checked that with a working server, no > difference: > > -:[/]#> ls -l /usr/bin/sendmail > -rws--x--x 1 root mail 28052 10. Jun 15:21 /usr/bin/sendmail > > looks good?
It does, and that's odd. In the strace output that you posted on the 10th, sendmail attempted to setgid(12), and got EPERM. In a normal system, a program that's setuid root will be able to switch uid/gid. If sendmail is working for you from the command line, then I'd expect that the setgid() call is working there. That leaves us looking for some reason why a setuid program called by apache can't switch gids. It may have something to do with OpenVZ's modifications to the kernel, but I'm not familiar enough with it to say. Perhaps OpenVZ changes the way that Posix capabilities work within user namespaces? I'd ask on their forums. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
