If any component of the
path is rejected, the -d44.4 debugging switch causes sendmail to print:
[dir fname] reason for the rejection here
A pathcomponent can fail because stat(2) failed. If the user-id is 0 for root, a warning is
logged if a component is found to be group- or world-writable. For example:
hash map "Alias0": unsafe map file /etc/mail/aliases.db: World-writable directory
For each component in the path, safefile( ) checks to verify that this user has permission to
search the directory. If the SFF_ROOTOK flag is not set (is clear), root (user-id 0) access is
special-cased in that all directory components must be world-searchable.
Otherwise, the path component is accepted if it is owned by the user-id and has the user
searchbit set, or if its group is the same as group-id and has the group search bit set. If
NO_GROUP_SET is undefined when sendmail is compiled (?§3.4.38 on page 130) and the
DontInitGroups option (?§24.9.41 on page 1023) is not set, eachgroup to which user-id
belongs is also checked. Otherwise, the directory must be world-searchable.
If the fname could not be checked with stat(2), the -d44.4 debugging switchcauses the
reason to be printed:
reason for failure here
SFF_ROOTOK 0x00000004 OK for root to own this file
SFF_RUNASREALUID 0x00000008 If no controlling user, run as real user-id
SFF_NOPATHCHECK 0x00000010 Don??™t bother checking directory path
SFF_SETUIDOK 0x00000020 Set-user-id files are OK.
Pages:
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012