Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

[Pavel V. Yanchenko]

Hello Michael,

I'm not sure how it will affect security, but perhaps you could make mike4 and other users who need access to vpopmail.mysql members of vchkpw group?

In linux it should be "usermod -a -G vchkpw mike4"
And you can use "groups mike4" command to see in which groups mike4 is.



Friday, December 4, 2009, 3:47:57 PM, you wrote:







Jukka,

Good point, but vpopmail.mysql is already group vchkpw and mode 640 doesn't work. I tried and it gives:

@40004b19000104a3957c delivery 37: deferral: vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

Any other ideas?

Thanks,
Michael.

 Date: Fri, 4 Dec 2009 10:09:44 +0200
 From: jukka.kurk...@tjc.fi
 To: vchkpw@inter7.com
 Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u

 rather change the group of vpopmail.mysql to vchkpw and let it be in
 mode 640.. it contains the password for the database, and if anyone who
 don't need to know it has shell access, its a security risk.

 ++jukka





Have more than one Hotmail account?Link them together to easily access both.








--
Best regards,
Pavel  mailto:bal...@msmu.ru


!DSPAM:4b19109d32711976249256!

RE: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

[Michael Mussulis]

Hi Pavel,
It already is, see output of id:
[r...@vmfc12 ~]# id mike4uid=516(mike4) gid=516(mike4) 
groups=516(mike4),502(vchkpw)
Mike.
Date: Fri, 4 Dec 2009 16:36:46 +0300
From: bal...@msmu.ru
To: vchkpw@inter7.com
Subject: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u











Hello Michael,




I'm not sure how it will affect security, but perhaps you could make mike4 and 
other users who need access to vpopmail.mysql members of vchkpw group?




In linux it should be usermod -a -G vchkpw mike4

And you can use groups mike4 command to see in which groups mike4 is.









  
_
Use Hotmail to send and receive mail from your different email accounts
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b1912f132712110113787!

Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

[Pavel V. Yanchenko]

Hmmm, I've created a test domain belonging to user balrog, and although vpopmail.mysql file is accesible, messages are not delivered until I change its permissions to 644:

permissions:
/home/vpopmail 40711
/home/vpopmail/etc 40755
/home/vpopmail/etc/vpopmail.mysql 100640

[bal...@mail ~]$ id
uid=508(balrog) gid=508(balrog) groups=502(vchkpw),508(balrog)
[bal...@mail ~]$ cat /home/vpopmail/etc/vpopmail.mysql
localhost|0|vpopmail||vpopmail


Attempt to send mail results in this error in qmail-send log:
deferral: vmysql:_can't_read_settings_from_/home/vpopmail/etc/vpopmail.mysql/vdelivermail:_deferred,_database_down/

When vpopmail.mysql is made 644, then messages are delivered nicely.

Further testing revealed that although user "balrog" is a member of vchkpw group and can access vpopmail.mysql (see above), this file is not available to him while vdelivermail is running:
15730 open("/home/vpopmail/etc/vpopmail.mysql", O_RDONLY) = -1 EACCES (Permission denied)

If I change group of vpopmail.mysql to balrog, then mail gets delivered in this domain.
Could it be that vdelivermail ignores groups? Is it possible at all?


Friday, December 4, 2009, 4:49:30 PM, you wrote:







Jukka,

To clarify, the user was part of 'vhckpw' group before I tried reverting to mode 640.
So still having the issue. At the moment it's working with mode 644.

Mike.


 Date: Fri, 4 Dec 2009 15:45:30 +0200
 From: jukka.kurk...@tjc.fi
 To: vchkpw@inter7.com
 Subject: Re: [vchkpw] vdeliver perimission denied for vadddomain -u

 Thats kind of odd.. did you make sure the user (mike4 i guess) is in
 that group?

 ++jukka

 Michael Mussulis wrote:




Add other email accounts to Hotmail in 3 easy steps.Find out how.








--
Best regards,
Pavel  mailto:bal...@msmu.ru


!DSPAM:4b192a3232712125865721!

RE: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u

[Michael Mussulis]

Pavel,
Didn't work, I got this:
@40004b1996a62056cd0c status: local 0/10 remote 
0/1...@40004b19970325ce2f3c starting delivery 92: msg 206456 to local 
test10.com-postmas...@test10.com@40004b19970325ce42c4 status: local 1/10 
remote 0/1...@40004b1997071b92096c delivery 92: deferral: 
vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/Error_-_no_authentication_database_connection._Initial_open./vmysql:_can't_read_settings_from_/usr/local/hcp/vpopmail/etc/vpopmail.mysql/Error_-_no_authentication_database_connection._Initial_open./grep:_/.qmail-default:_No_such_file_or_directory/grep:_/.qmail-default:_No_such_file_or_directory/awk:_cmd._line:1:_fatal:_cannot_open_file_`/.qmail-default'_for_reading_(No_such_file_or_directory)/maildrop:_non-filtered_mail_delivery//usr/local/hcp/bin/maildrop:_Unable_to_open_mailbox./@40004b1997071be015e4
 status: local 0/10 remote 0/120
Works only in mode 644.
Mike.
 Date: Fri, 4 Dec 2009 18:30:05 +0300
 From: bal...@msmu.ru
 To: vchkpw@inter7.com
 Subject: Re[2]: [vchkpw] vdeliver perimission denied for vadddomain -u
 
 Update.
 
 If vdelivermail is made 102711 (set group id on exec) then mail is
 delivered.
 
 Try it, Michael.
 
 -- 
 Best regards,
  Pavelmailto:bal...@msmu.ru
 
 
 
 
  
_
Use Hotmail to send and receive mail from your different email accounts
http://clk.atdmt.com/UKM/go/186394592/direct/01/

!DSPAM:4b1997b632711610977555!