Sendmail complaining about "world writable"

Hi, folks.

This morning, sendmail (8.14.2-1.1 running on CentOS 4.6) barfed.
When i tried to start the server, it threw the following error:

451 4.0.0 /etc/mail/sendmail.cf: line 91: fileclass: cannot open '/etc/
mail/local-host-names': World writable directory

I also got a similar error regarding /etc/mail/trusted-users in
submit.cf.

Having to get this server up and running quickly, I googled for a
possible solution. One post suggested replacing line Fw/etc/mail/
local-host-names with line Fw-o /etc/mail/local-host-names in
sendmail.cf, and Ft/etc/mail/trusted-users
with line Ft-o /etc/mail/trusted-users in submit.cf. I made those
changes and ... all was good!

My questions are: 1) what might have happened to cause this, where
other sendmail instances set up similarly on other boxes have no
problem?, and; 2) can there be any ill affects from making these
changes?

Many thanks.

Diggy

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

On Jan 28, 7:07 pm, Res wrote:
> On Mon, 28 Jan 2008, Diggy wrote:
>
> > Hi, folks.
>
> > This morning, sendmail (8.14.2-1.1 running on CentOS 4.6) barfed.
> > When i tried to start the server, it threw the following error:
>
> > 451 4.0.0 /etc/mail/sendmail.cf: line 91: fileclass: cannot open '/etc/
> > mail/local-host-names': World writable directory
>
> This kind of answer your question? what are the perms on /etc/mail ?
> should be at worse 0755
>
> If you never changed anything, ask on the centos list what they did :)
>
> > My questions are: 1) what might have happened to cause this, where
> > other sendmail instances set up similarly on other boxes have no
> > problem?, and; 2) can there be any ill affects from making these
> > changes?
>
> > Many thanks.
>
> > Diggy
>
> --
> Cheers
> Res
>

The first thing I did was to check the perms of /etc/mail, and indeed
they were 0755. All of the files in that directory were also correct.

As I said above, the tweaks I made, based on another post, did work.
But, I'd still like to know why the problem occurred, and if there are
any issues associated with the tweaks.
Why would these be questions for CentOS? It's sendmail that's
complaining. Any help/insights would be much appreciated.

Diggy

Re: Sendmail complaining about "world writable"

Diggy writes:
> This morning, sendmail (8.14.2-1.1 running on CentOS 4.6) barfed.
> When i tried to start the server, it threw the following error:
>
> 451 4.0.0 /etc/mail/sendmail.cf: line 91: fileclass: cannot open '/etc/
> mail/local-host-names': World writable directory
>
> I also got a similar error regarding /etc/mail/trusted-users in
> submit.cf.
> [...]

The message should be read as:
I can open the file but I *refuse* to open the file with too broad write
permissions in one of parent directories.

Use the command below to trace cause of problems in submit.cf
[ it is most likely the same as in sendmail.cf ]:
/usr/sbin/sendmail -Ac -d44.4 -bv root

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
Computers are unreliable, but humans are even more unreliable.
Any system which depends on human reliability is unreliable.
-- Gilb
----
http://groups.google.com/groups?selm=87odb47pl2@roberto.fsf. hobby-site.com

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

Diggy wrote:

> On Jan 28, 7:07 pm, Res wrote:
> > On Mon, 28 Jan 2008, Diggy wrote:
> >
> > > Hi, folks.
> >
> > > This morning, sendmail (8.14.2-1.1 running on CentOS 4.6) barfed.
> > > When i tried to start the server, it threw the following error:
> >
> > > 451 4.0.0 /etc/mail/sendmail.cf: line 91: fileclass: cannot open '/etc/
> > > mail/local-host-names': World writable directory
> >
> > This kind of answer your question? what are the perms on /etc/mail ?
> > should be at worse 0755
> >

> >
>
> The first thing I did was to check the perms of /etc/mail, and indeed
> they were 0755. All of the files in that directory were also correct.
>
> As I said above, the tweaks I made, based on another post, did work.
> But, I'd still like to know why the problem occurred, and if there are
> any issues associated with the tweaks.
> Why would these be questions for CentOS? It's sendmail that's
> complaining. Any help/insights would be much appreciated.
>
> Diggy

# ls -ld / /etc /etc/mail

I beleive you have to check every component of the path when you get
such an error.

Re: Sendmail complaining about "world writable"

On Jan 29, 8:07 am, Res wrote:
> On Tue, 29 Jan 2008, Diggy wrote:
> > As I said above, the tweaks I made, based on another post, did work.
> > But, I'd still like to know why the problem occurred, and if there are
> > any issues associated with the tweaks.
> > Why would these be questions for CentOS? It's sendmail that's
> > complaining. Any help/insights would be much appreciated.
>
> Because CentOS aka RedHat bastardise most things that go into their
> distributions, if you used the Sendmail Inc source file compiled and
> installed you have it as it's meant, not a hacked version.
> The fact CentOS's yum does automatic updates, kind of points towards it
> not being Sendmail that changed if you did not make any changes, but
> something else on the OS (unless again CentOS updated Sendmail)
>
> --
> Cheers
> Res
>
> mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';

OK, point well taken. I just thought somebody on this list might have
encountered the same issue.

Re: Sendmail complaining about "world writable"

On Jan 29, 8:30 am, h...@EINTR.net (Hugo Villeneuve) wrote:
> Diggy wrote:
> > On Jan 28, 7:07 pm, Res wrote:
> > > On Mon, 28 Jan 2008, Diggy wrote:
>
> > > > Hi, folks.
>
> > > > This morning, sendmail (8.14.2-1.1 running on CentOS 4.6) barfed.
> > > > When i tried to start the server, it threw the following error:
>
> > > > 451 4.0.0 /etc/mail/sendmail.cf: line 91: fileclass: cannot open '/etc/
> > > > mail/local-host-names': World writable directory
>
> > > This kind of answer your question? what are the perms on /etc/mail ?
> > > should be at worse 0755
>
> > The first thing I did was to check the perms of /etc/mail, and indeed
> > they were 0755. All of the files in that directory were also correct.
>
> > As I said above, the tweaks I made, based on another post, did work.
> > But, I'd still like to know why the problem occurred, and if there are
> > any issues associated with the tweaks.
> > Why would these be questions for CentOS? It's sendmail that's
> > complaining. Any help/insights would be much appreciated.
>
> > Diggy
>
> # ls -ld / /etc /etc/mail
>
> I beleive you have to check every component of the path when you get
> such an error.

Bingo! Probably due to my own error somewhere along the line (this is
a new vm, but I should have known better), / was set to 777 rather
than 755. Made the perms change, put sendmail.cf and submit.cf back
to previous settings (pre-tweak), and sendmail started w/o problem.
Thanks, Hugo.

Re: Sendmail complaining about "world writable"

In article ,
Res wrote:
:On Mon, 28 Jan 2008, Diggy wrote:
:
:>
:> Hi, folks.
:>
:> This morning, sendmail (8.14.2-1.1 running on CentOS 4.6) barfed.
:> When i tried to start the server, it threw the following error:
:>
:> 451 4.0.0 /etc/mail/sendmail.cf: line 91: fileclass: cannot open '/etc/
:> mail/local-host-names': World writable directory
:
:
:This kind of answer your question? what are the perms on /etc/mail ?
:should be at worse 0755

Check the permissions on / and /etc too. If, as root, you are careless
enough to extract a tar (or similar) archive into the root directory and
that archive happens to contain an entry for "." with loose permissions,
then you can leave your root directory world writable.

--
Bob Nichols AT comcast.net I am "RNichols42"

Re: Sendmail complaining about "world writable"

On Jan 29, 8:33 am, Diggy wrote:
> On Jan 29, 8:07 am, Res wrote:
>
>
>
> > On Tue, 29 Jan 2008, Diggy wrote:
> > > As I said above, the tweaks I made, based on another post, did work.
> > > But, I'd still like to know why the problem occurred, and if there are
> > > any issues associated with the tweaks.
> > > Why would these be questions for CentOS? It's sendmail that's
> > > complaining. Any help/insights would be much appreciated.
>
> > Because CentOS aka RedHat bastardise most things that go into their
> > distributions, if you used the Sendmail Inc source file compiled and
> > installed you have it as it's meant, not a hacked version.
> > The fact CentOS's yum does automatic updates, kind of points towards it
> > not being Sendmail that changed if you did not make any changes, but
> > something else on the OS (unless again CentOS updated Sendmail)
>
> > --
> > Cheers
> > Res
>
> > mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';
>
> OK, point well taken. I just thought somebody on this list might have
> encountered the same issue.

I ran "ls -ld / /etc /etc/mail" and, lo and behold, / was set to 777
(this is a brand new vm, and I must have changed the perms, but should
have known better)! I set the perms to 755, edited sendmail.cf and
submit.cf back to previous (pre-tweak) settings, and restarted
sendmail w/o problem. Thanks to Hugo and everyone else who
responded. I solved my problem and extended my knowledge, both
beautiful things.

Re: Sendmail complaining about "world writable"

Andrzej Adam Filip schrieb:
> Use the command below to trace cause of problems in submit.cf
> [ it is most likely the same as in sendmail.cf ]:
> /usr/sbin/sendmail -Ac -d44.4 -bv root

How do you find those magic -d arguments? Do you have to dig through
the Sendmail source or is there a shortcut?

Thanks,
Tilman

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

Traceflags (-d options) [Was: Sendmail complaining about "world writable"]

Tilman Schmidt writes:

> Andrzej Adam Filip schrieb:
>> Use the command below to trace cause of problems in submit.cf
>> [ it is most likely the same as in sendmail.cf ]:
>> /usr/sbin/sendmail -Ac -d44.4 -bv root
>
> How do you find those magic -d arguments? Do you have to dig through
> the Sendmail source or is there a shortcut?

I use Bat Book the 3rd to get beyond ~5 options I most frequently use :-)

The categories (before dot parts) are described in sendmail/TRACEFLAGS
file in sendmail distribution.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
Too often I find that the volume of paper expands to fill the available
briefcases.
-- Governor Jerry Brown
----
http://groups.google.com/groups?selm=87ejc0sijj@fredda.fsf.h obby-site.com

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

On Tue, 29 Jan 2008 15:50:31 +0100, Tilman Schmidt
wrote:

>Andrzej Adam Filip schrieb:
>> Use the command below to trace cause of problems in submit.cf
>> [ it is most likely the same as in sendmail.cf ]:
>> /usr/sbin/sendmail -Ac -d44.4 -bv root
>
>How do you find those magic -d arguments? Do you have to dig through
>the Sendmail source or is there a shortcut?

When you search for debug-flags in Sendmail you often get the following
advice:

"For a complete list of the available debug flags you will have to look
at the code (they are too dynamic to keep this documentation up to
date)."

But searching sendmail forums can give you a large number of them
anyway.

--
Peter Peters

Re: Sendmail complaining about "world writable"

Res (res@ausics.net) wrote:
: On Tue, 29 Jan 2008, Diggy wrote:

: > Bingo! Probably due to my own error somewhere along the line (this is
: > a new vm, but I should have known better), / was set to 777 rather

: a vm? anotehr important bit of info you neglected to mention first up

It's not important at all. As far as the operation of sendmail is
concerned, a vm isn't any different then a physical machine. And the
fact that it was a vm isn't even remotely important for the issue that
the OP was having.

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

Res (res@ausics.net) wrote:
: On Thu, 30 Jan 2008, John Nemeth wrote:
: > Res (res@ausics.net) wrote:
: > : On Tue, 29 Jan 2008, Diggy wrote:
: >
: > : > Bingo! Probably due to my own error somewhere along the line (this is
: > : > a new vm, but I should have known better), / was set to 777 rather
: >
: > : a vm? anotehr important bit of info you neglected to mention first up
: >
: > It's not important at all. As far as the operation of sendmail is
: > concerned, a vm isn't any different then a physical machine. And the

: bullshit it isnt, and if you stand by what you claim then you must be a

BS to you too!

: reseller, hint: most vm's have exploits, because of the way they interact

So, tell me, what's the difference between incorrectly setting
permissions on a physical disk and incorrectly setting permissions on a
virtual disk. Note that even without vms, disks can be virtual: NFS,
AFS, NAS, SAN, RAID, etc. sendmail was complaining about permissions
being incorrectly set. That was quite plain to anybody that has any
ammount of experience with sendmail. What might not be quite plain to
everybody is that sendmail checks the permissions of every directory
along the path, not just the final directory (i.e. it is rather
paranoid).

Re: Sendmail complaining about "world writable"

Res (res@ausics.net) wrote:
: On Thu, 31 Jan 2008, Peter Peters wrote:

: > And regarding exploits. Everything has exploits. A non-vm machine can be
: > exploited by installing a virtualizing rootkit. The OS will not notice
: > it. But everything the system does, will be captured by the rootkit.
: > When the rootkit tries to install itself beneath a already installed
: > virtualizer it can be detected.

: I did consider VM for one aspect only, and thats for the "dedicated
: server" side, one decent machine, and a bunch of VM's, until I was shown
: the exploit by a friend, once one vm was root-kit'd, he was able to root

Sounds like the guest OS wasn't very secure.

: both VM's quicker than the time it took me to walk into the next room,
: punch a button on expresso machine and walk back in, but he was not able
: to root the underlying OS, that was the very final nail in vm's coffin
: AFAIC.

I highly suspect that there is stuff that you aren't telling us.
Such as different OSes on the host and guest, or maybe host was cracked
and the virtual disks were modified under the vm's nose.

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

VM [Re: Sendmail complaining about "world writable"]

Res wrote:

> On Fri, 31 Jan 2008, John Nemeth wrote:
>
> >
> > Res (res@ausics.net) wrote:
> > : On Thu, 31 Jan 2008, Peter Peters wrote:
> >
> > : > And regarding exploits. Everything has exploits. A non-vm machine can be
> > : > exploited by installing a virtualizing rootkit. The OS will not notice
> > : > it. But everything the system does, will be captured by the rootkit.
> > : > When the rootkit tries to install itself beneath a already installed
> > : > virtualizer it can be detected.
> >
> > : I did consider VM for one aspect only, and thats for the "dedicated
> > : server" side, one decent machine, and a bunch of VM's, until I was shown
> > : the exploit by a friend, once one vm was root-kit'd, he was able to root
> >
> > Sounds like the guest OS wasn't very secure.
>
>
> >
> > : both VM's quicker than the time it took me to walk into the next room,
> > : punch a button on expresso machine and walk back in, but he was not able
> > : to root the underlying OS, that was the very final nail in vm's coffin
> > : AFAIC.
> >
> > I highly suspect that there is stuff that you aren't telling us.
>
> nope..
>
> > Such as different OSes on the host and guest, or maybe host was cracked
>
> slackware as host, slackware and centos as guest
>
> I've seen enough to know I'll never use that shit again and any tech who
> installs it will be explaining to me why I should not dismiss them for
> serious breach of data centre security.
>
> Now you seem to be in love with VM thats fine, I'm not telling you not to
> use it, I'm saying I wont use it and why I wont use it, so dont sit there
> on your agents/fanboi cap trying to defend what you cant, if you fail to
> believe me and are calling me a liar thats your pathetic problem, not
> mine, you seem to think its infalable, it might not be today, or tomorrow,
> it might be in 6 months time, but when your screwed completely over
> because of this or a similar exploit, I wont laugh at you, but I'll
> certainly remember that you outright dismissed my statements of it can
> happen, and maybe even you will you recall it.
>
>

I would add that VM aren't safe on x86 because of the hardware. It's not
just a case of buggy OS and VM software, although that doesn't help.

But they are great on IBM mainframes though.

Or maybe I just put too much trust on Theo's word (and my prefered
Unix-like):
http://kerneltrap.org/OpenBSD/Virtualization_Security

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: Sendmail complaining about "world writable"

Post removed (X-No-Archive: yes)

Re: VM [Re: Sendmail complaining about "world writable"]

On Fri, 1 Feb 2008 00:39:52 -0500, hugo@EINTR.net (Hugo Villeneuve)
wrote:

>But they are great on IBM mainframes though.

If you are talking about speed in rolling out systems. I was at a talk
from somebody from IBM. He was complaining he couldn't get the startup
time of a linux system to under 1.5 seconds. He was trying to shutdown
the VM when it wasn't doing anything until the first packet would
arrive. Then he would start up the system and have it running within
seconds.

--
Peter Peters