Well, at any rate, that doesn't seem to be the problem, either.
However, this does reveal that smmsp does not have read permissions to
/var/spool/mqueue.
Could this be one of those inaccurate error-message situations?
Right now,

rwx------ root mail /var/spool/mqueue

Would it be safe and/or recommended to add g+rx to /var/spool/mqueue and
put smmsp in the mail group?
~Brian

Daniel Sterling wrote:
> Brian Henning wrote:
>> iptables doesn't have per-user ability, does it? I thought it only
>> examined packet headers, which I didn't think had any info about local
>> user in them..
>
> iptables has access to any information the kernel has about the packet,
> and can indeed route packets based on user id. For example, to set up a
> transparent proxy, I've got the following rule:
>
> $ sudo /sbin/iptables -t nat -L
> ...
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> REDIRECT   tcp  --  anywhere             anywhere            ! OWNER UID match proxy tcp dpt:www redir ports 3128
>
> Which redirects port 80 to port 3128 for all packets except packets
> generated by the proxy user.
>
>> I can't access a shell from that account (which is sensible)
>
> You should be able to with e.g.
>
> sudo su smmsp -s /bin/bash
>
> -- Dan
>
>> I can, however, telnet to strutmasters.net:25 from a
>> standard unprivileged account.
>
> cool, does this work? another thing you can do is fire up your favorite
> packet sniffer and see what's going out on the wire.
>
> -- Dan

--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------