On Thu, 12 Apr 2012 08:17:33 +0100, Matthew Seaman wrote: > On 12/04/2012 02:49, Polytropon wrote: > > On Wed, 11 Apr 2012 23:57:51 +0000, Ian Lord wrote: > >> > I then got a different error in /var/log/messages > >> > Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write > >> > to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): > >> > Permission denied > > >> > I found very old threads saying to change the group of apache > >> > to "smmsp" but I doubt it's a good idea. > > > No, not "change to", but you can _add_ apache (or whatever is > > originating the error) to the smmsp group. Add it to "smmsp:*:25:" > > in /etc/group. > > You should not be changing the ownership and permissions on any of the > directories used by sendmail(8), or the group membership of any of the > groups used by sendmail. Not even if you think you know what you are > doing. This is extremely security sensitive, and getting it wrong means > at minimum unprivileged users can forge e-mails untraceably[*].
You're right - as long as sendmail works properly (and is invoked by whatever means sends e-mail out of apache / PHP), the present group settings and permissions should be okay. Sendmail will then properly run "as the smmsp group member" which will enable it to properly access the queue directory. > There is no reason for apache to have any sort of write permissions to > /var/spool/clientmqueue -- that should only be accessible to sendmail, > and sendmail is the only program that should ever use it. I'm not aware of why a program should directly access the mail queues, but maybe that's a "special" PHP feature. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"