Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 65159 - mail-filter/qmail-scanner-1.23-r3 permissions error
Summary: mail-filter/qmail-scanner-1.23-r3 permissions error
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Net-Mail Packages
URL:
Whiteboard:
Keywords: Bug
Depends on:
Blocks:
 
Reported: 2004-09-23 18:51 UTC by phaidros
Modified: 2004-09-24 16:36 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description phaidros 2004-09-23 18:51:45 UTC 
Sep 24 04:43:53 audio1 X-Qmail-Scanner-1.23st: [audio1.medien.uni-weimar.de109599383366016455] cannot open /var/spool/qmailscan/qmail-scanner-queue-version.txt - did you initialise the system by running "qmail-scanner-queue.pl -z"? - Permission denied 

audio1 qmailscan # ls -al
total 9964
drwxr-xr-x  6 qscand vpopmail     4096 Sep 24 04:44 .
drwxr-xr-x  5 root   root         4096 May  1 14:53 ..
-rw-r--r--  1 root   root            0 Sep 24 03:57 .keep
drwxrwx---  5 qscand qscand       4096 May  1 14:53 archive
-rw-------  1 qmailq qmail         233 Sep 24 02:50 mailstats.csv
-rw-rw----  1 qscand qscand   10130094 Sep 24 04:44 qmail-queue.log
-rw-------  1 root   root           40 Sep 24 04:44 qmail-scanner-queue-version.txt
drwxrwx---  5 qscand qscand       4096 May  1 14:53 quarantine
-rw-r-----  1 root   root        12288 Sep 24 04:44 quarantine-attachments.db
-rw-r--r--  1 qscand qscand       7414 Sep 24 03:57 quarantine-attachments.txt
-rw-r--r--  1 qscand qscand          0 Sep 24 03:57 quarantine.log
drwxrwx---  6 qscand qscand       4096 Sep 24 03:57 tmp
lrwxrwxrwx  1 root   root           14 Sep 24 03:57 viruses.log -> quarantine.log
drwxrwx---  5 qscand qscand       4096 May  1 14:53 working

maybe sumthin to do with perl running without suidperl?
other suggestions?

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-09-23 20:07:10 UTC 
It sounds like you are running the old method, using /var/qmail/bin/qmail-scanner-queue.pl. As the warning message after the qmail-scanner upgrade noted, you MUST change to using the new suid binary /var/qmail/bin/qmail-scanner-queue
for qmail-scanner to continue working.

Also the group owner on your /var/spool/qmailscan is incorrect, the directory owner should be qscand:qscand and NOT qscand:vpopmail.
Comment 2 phaidros 2004-09-24 06:07:48 UTC 
hm, thtas strange I use in /etc/tcp.smtp

# Qmail-Scanner disabled for mail from 127.0.0.1
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

# Qmail-Scanner enabled (virus and spam) for mail from external internet
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

and in /etc/tcp.qmtp

XXX.XX.XXX.XX:allow,RELAYCLIENT="",RBLSMTPD=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

and still getting:
Sep 24 15:35:47 audio1 X-Qmail-Scanner-1.23st: [host.domain.tld109603294766018785] cannot open /var/spool/qmailscan/qmail-scanner-queue-version.txt - did you initialise the system by running "qmail-scanner-queue.pl -z"? - Permission denied
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-09-24 08:53:38 UTC 
make sure:
chmod u+s /var/qmail/bin/qmail-queue
chgrp qscand /var/spool/qmailscan
chown qscand:root /var/spool/qmailscan/{qmail-scanner-queue-version.txt,quarantine-attachments.db}
Comment 4 phaidros 2004-09-24 16:36:54 UTC 
thanx that helped. I think it was the +s 
; )