Re: [Exim] File permission and aliases files

Top Page
Delete this message
Reply to this message
Author: CaLViN
Date:  
To: Philip Hazel
Subject: Re: [Exim] File permission and aliases files
Hello Philip,

Thanks for looking into this.

>> 2003-06-12 01:19:34 H=moutvdom.kundenserver.de [212.227.126.250]
>> F=<christian@???> temporarily rejected RCPT
>> <test2@???>: failed to open /opt/rellits.com/mail/aliases for
>> linear search: Permission denied (euid=8 egid=8)


Permissions on the dirs/file:

drwxr-xr-x   18 root     root         4096 May 13 20:46 /
drwxr-xr-x   22 root     root         4096 Jun 17 17:33 /opt/
drwxrwx---    3 mail     rellits      4096 Jun 11 23:08 /opt/rellits.com/
drwxrwxr-x    6 mail     rellits      4096 Jun 23 12:03 /opt/rellits.com/mail/
-rw-rw----    1 mail     rellits      1892 Jun 17 20:42 /opt/rellits.com/mail/aliases


This is the configuration that works. User mail is in group rellits.
Now I change the permissions on the alias file to this:

-rw-rw----    1 calvin   rellits      1892 Jun 17 20:42 /opt/rellits.com/mail/aliases


With this config I get the error.

>> When I do a "su mail" I can read/write the aliases file.
> Mail is uid 8, gid 8, right?


correct.

This is the section from the config file:

domain_aliases:
driver = redirect
allow_fail
allow_defer
require_files = /opt/${domain}/mail/aliases
# debug_print = yes
user = mail
initgroups = true
# check_local_user = false
# check_group = false
# check_owner = false
# modemask = 000
data = ${lookup{$local_part}lsearch{/opt/${domain}/mail/aliases}}
# one_time = yes
file_transport = address_file
pipe_transport = address_pipe


TIA again,

CaLViN

> What happens if you do an Exim test run using the -bh option?


MAIL FROM: cstiller@???
250 OK
RCPT TO: calvin@???
>>> using ACL "acl_check_rcpt"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "deny"
>>> check local_parts = ^.*[@%!/|] : ^\\.
>>> calvin in "^.*[@%!/|] : ^\."? no (end of list)
>>> deny: condition test failed
>>> processing "accept"
>>> check local_parts = postmaster
>>> calvin in "postmaster"? no (end of list)
>>> accept: condition test failed
>>> processing "require"
>>> check verify = sender
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing cstiller@???
>>> progress.com in "rellits.com:feuerzauber97.de:spacious.com:kidshaven.de:stiller-net.de:lehringer.de"? no (end of list)
>>> progress.com in "! +local_domains"? yes (end of list)
>>> calling dnslookup router
>>> 192.77.186.2 in "0.0.0.0 : 127.0.0.0/8"? no (end of list)
>>> 192.77.186.1 in "0.0.0.0 : 127.0.0.0/8"? no (end of list)
>>> routed by dnslookup router
>>> ----------- end verify ------------
>>> require: condition test succeeded
>>> processing "accept"
>>> check domains = +local_domains
>>> rellits.com in "rellits.com:feuerzauber97.de:spacious.com:kidshaven.de:stiller-net.de:lehringer.de"? yes (matched "rellits.com")
>>> rellits.com in "+local_domains"? yes (matched "+local_domains")
>>> check verify = recipient
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing calvin@???
>>> rellits.com in "! +local_domains"? no (matched "! +local_domains" - cached)
>>> calling system_aliases router
>>> system_aliases router declined for calvin@???
>>> calling domain_aliases router
>>> domain_aliases router: defer for calvin@???
>>> message: failed to expand "${lookup{$local_part}lsearch{/opt/${domain}/mail/aliases}}": failed to open /opt/rellits.com/mail/aliases for linear search: Permission denied (euid=8 egid=8)
>>> ----------- end verify ------------
>>> accept: condition test deferred

451 Temporary local problem - please try later
LOG: H=h000625c57c58.ne.client2.attbi.com (rellits.com) [66.30.204.66] F=<cstiller@???> temporarily rejected RCPT calvin@???: failed to open /opt/rellits.com/mail/aliases for linear search: Permission denied (euid=8 egid=8)