Group writable directory

Group writable directory

am 31.01.2007 17:18:23 von gostl

I'm running AIX 5.3 and sendmail 8.11.6p2, just as IBM distributed it.

Yesterday I suddenly got a slew of error messages in my log and sendmail
shut down and refused to restart. The first message was:

Jan 30 13:12:02 argos sendmail[480134]: l0UIC2C480134: SYSERR: putoutmsg
(dsl88-
226-56287.ttnet.net.tr): error on output channel sending "220 argoscomp.com
ESMT
P Sendmail AIX5.3/8.11.6p2/8.11.0; Tue, 30 Jan 2007 13:12:02 -0500": There
is no
process to read data written to a pipe.

I won't bother with the rest of the messages because we know what happened
(although not why). Two directories, the root directory and one of the user
home directories suddenly became group writable. Once I did the chmod,
things returned to normal.

Now this has been a stable system, running for about six months, no OS or
sendmail upgrades lately. Lots of pop3 and imapd activity. A fair amount of
mail, nothing huge, and alot of spam. We run spamassassin for that. CPU
isn't paticularly busy.

I'm looking for some clues. We've had alot of break in attempts lately, I
don't think any succeeded, but I'm getting paranoid.

Any and all suggestions gratefully accepted.

Re: Group writable directory

am 01.02.2007 12:02:59 von ska

> I'm looking for some clues.

Do you have scripts running on that systems, that possibly perform a
chmod, e.g.

chmod $dir/

If $dir is empty or, because it's unquoted, ends in a space, the root
directory is effected.
Actually, I got some very irritating results in conjunction with good
ol' scripts, years old, and directoriy names containing spaces, once
Windows invented long filenames.

Re: Group writable directory

am 01.02.2007 15:59:17 von gostl

"ska" wrote in message
news:1170327779.286973.172570@s48g2000cws.googlegroups.com.. .
>> I'm looking for some clues.
>
> Do you have scripts running on that systems, that possibly perform a
> chmod, e.g.
>
> chmod $dir/
>
> If $dir is empty or, because it's unquoted, ends in a space, the root
> directory is effected.
> Actually, I got some very irritating results in conjunction with good
> ol' scripts, years old, and directoriy names containing spaces, once
> Windows invented long filenames.


Maybe. Seems unlikely but I'll look.

I've tried to turn on auditing. That was a disaster. It seems that pop3 and
imapd do chmods like crazy.