bug-guix
bug#57283: opensmtpd: permission issue while trying to deliver messages


From: Felix Lechner
Subject: bug#57283: opensmtpd: permission issue while trying to deliver messages to mboxes in /var/mail
Date: Thu, 22 Sep 2022 11:31:43 -0700

Hi,

Based on friendly advice offered on IRC, I believe I more or
less addressed the setgid issue with the system declaration below.

The issue I still have is that the adjusted gids appear to be effective
only for users but not for the smtpd process itself. As a result, smtpd
could not deliver an offline message that was created by a setup
error. It resulted in this warning on startup:

# smtpd -d -f smtpd.conf
info: OpenSMTPD 6.8.0p2 starting
sendmail: this program must be setgid smtpq
warn: smtpd: couldn't enqueue offline message /var/spool/smtpd/offline/1663868496.XXXXt611BF; smtpctl exited abnormally

I tried that inside 'guix shell smtpd' and without. Then I deleted the
queued message and resent it.

Alas, the reporting party may find this solution insufficient, as
well. Perhaps the local mail delivery they hope to achieve is affected
like the local retrieval that remains broken for me. (I use a relay.)

Either way, I hope this message is somewhat helpful.

Kind regards
Felix Lechner

* * *

(use-modules
 (gnu packages mail)
 (gnu services mail)   ; provides opensmtpd-service-type, used below
 (gnu system setuid))

(operating-system

 ...

 (setuid-programs
  (append (list

           (setuid-program
            (program (file-append opensmtpd "/sbin/smtpctl"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/sendmail"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/send-mail"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/makemap"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/mailq"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/newaliases"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq")))

          %setuid-programs))

 (services
  (append (list

           ...

           (service opensmtpd-service-type
                    (opensmtpd-configuration
                     (config-file
                      (plain-file "opensmtpd-configuration"
                                    "
[YOUR SMTPD CONFIG TEXT GOES HERE]
"))))))))
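
A check for the declaration above, as an added example that is not part of the original message or of Guix or OpenSMTPD: it verifies that each of the six declared programs is installed setgid to "smtpq", is not setuid, and is not world-writable. The directory /run/setuid-programs, the PRIV_DIR variable and the --check switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the setgid copies declared in the system configuration.
# Assumption: Guix System installs them under /run/setuid-programs.
PRIV_DIR=${PRIV_DIR:-/run/setuid-programs}
SMTPD_PROGRAMS="smtpctl sendmail send-mail makemap mailq newaliases"

# check_setgid DIR GROUP PROGRAM...
# Prints one line per program and returns non-zero if any program is
# missing, not setgid GROUP, setuid, or world-writable.
check_setgid() {
    dir=$1 group=$2 status=0
    shift 2
    for prog in "$@"; do
        path=$dir/$prog
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"
            status=1
        # find prints the path only when every predicate holds:
        # setgid bit set, setuid bit clear, not world-writable, group GROUP.
        elif [ -n "$(find "$path" -prune -perm -2000 ! -perm -4000 \
                          ! -perm -0002 -group "$group" -print)" ]; then
            echo "OK       $path"
        else
            echo "BAD      $path: $(ls -ld "$path")"
            status=1
        fi
    done
    return "$status"
}

# Run the audit only when asked, e.g.:  sh check-smtpq.sh --check
if [ "${1:-}" = "--check" ]; then
    # Word splitting of the program list is intended here.
    check_setgid "$PRIV_DIR" smtpq $SMTPD_PROGRAMS
    exit $?
fi
```

A BAD or MISSING line for sendmail or smtpctl corresponds to the condition behind the "must be setgid smtpq" message in the log above.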