php mail() function not working
Fraser Campbell
fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org
Tue Oct 7 16:58:17 UTC 2003
On Tuesday 07 October 2003 12:01, serge_ss-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org wrote:
> Well, the security implications are understandable, but what's the solution
> if sendmail and other stuff are run under apache user, and su .... -c
> '/usr/sbin/sendmail -t -i' doesn't work. The only other solution I see, is
> to write a stub that would accept input from php and then send it to
> postfix under different privileges.
/usb/sbin/sendmail can be run by any user on the system, no need to su, no
need for it to be suid/sgid (we're talking postfix systems here not
necessarily others). Programs such as /bin/mail, pine, mutt, php, etc. all
use this program directly, users running those programs should not be members
of the postdrop group.
As I understand it, /usr/sbin/sendmail passes mail to a program called
postdrop for further processing. Taking a stab at Keith's problem I guessed
that his postdrop binary is not setgid postdrop, if that is the case he will
definitely get a permission denied message when running /usr/sbin/sendmail
(and consequently postdrop).
On a redhat system you should probably have these permissions seem typical:
/usr/sbin/sendmail.postfix, owner root:root, mode 555 (or 755)
/usr/sbin/postdrop, owner root:postdrop, mode 2555 (or 2775)
/var/spool/postfix/maildrop/, owner postfix:postdrop, mode 730
The only difference on my Debian systems is that /var/spool/postfix/maildrop/
has the sticky bit set (mode 1730), this may not be necessary.
--
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org> http://www.wehave.net/
Halton Hills, Ontario, Canada Debian GNU/Linux
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list