[plug] Running Qmail

Garth Atkinson garth at cclinic.com.au
Mon Sep 20 01:30:28 WST 1999


Greg Mildenhall wrote:
> 
> > Contents of qt file
> > ===================
> > supervise /var/lock/qmail-smtpd tcpserver -v -x/etc/tcp.smtp.cdb -u71 -g1001 0 25 \
> >       rblsmtpd qmail-smtpd 2>&1 | setuidgid qmaill multilog | \
>                                               ^^^^^^
> >       setuidgid qmaill multilog -s5000000 -n5 /var/log/qmail/qmail-smtpd &
>                   ^^^^^^
> >
> > After switching to user qmaild, I ran the "qt" script.
> Now I don't know if this is a problem or not, but another, similar uid/gid
> is mentioned in the script.
> 
> > After a little while, I executed "qt" again and got the message
> > "/usr/local/bin/setuidgid: Permission denied"

Looking at the above usage of the program supervise, -u71 -g1001
obviously refers to a user id and a group id. Should this be replaced
with the userid of qmail and the groupid of multilog? (pure speculation
that suggestion) This might explain why the shell script 'qt' ran once
and then got the permission denied message. 

Post the output of: 'ls -l /usr/local/bin/setuidgid'


> I don't know what the qt script is meant to do, but it does run a program
> called "supervise" with a /var/lock/* argument, which seems to imply that
> it is meant to hang around. Are you sure you need to run it twice?
> The error might come from having two competing copies running, but it looks
> like an error message from your shell, implying that your userid doesn't
> have permission to run "setuidgid". With a name like that, it sounds like
> the program should only be run as root, but maybe not.
> 
> > I have also issued the command "telnet localhost 25" and got the following response.
> > Trying 127.0.0.1
> > telnet: Unabel to connect to remote host: Connection refused.
> 1. Does your loopback device exist?
> 2. Is it firewalled?
> 3. a. Would your hosts.* files let you access it?
> 3. b. Can your tcp-wrapper resolve 127.0.0.1?
> 4. Does inetd or equiv let you access smail through that port?
> 5. Is smail actually bound to that port?
> 

The most likely cause of the message 'Unable to connect to remote host:
Connection refused.' is that there is no service process listening on
whichever port number you are trying to use. In the above scenario, that
is port 25, so qmail has obviously terminated.

Any user, not just root, can enable setuid or setgid on a file, if that
user has the right permissions on that file.


> Hope something, somewhere in all this will help you, or at least give you
> some clues.
> 
> -Greg
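
The two checks discussed in this message, as an added example that is not code from the thread: one function tells a refused connection (nothing bound to the port) apart from no answer at all (firewall or interface problem), and the other reports the same owner, mode and execute information that `ls -l` would show. The function names are made up for this example; the port and path are the ones quoted above.

```python
import os
import socket
import stat


def probe_tcp(host, port, timeout=2.0):
    """Classify a TCP connect attempt: 'listening', 'refused' or 'no-answer'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "listening"
    except ConnectionRefusedError:
        # The host answered with a reset: no process is bound to that port.
        return "refused"
    except OSError:
        # Timeout or unreachable: check firewall rules and the interface instead.
        return "no-answer"
    finally:
        s.close()


def describe_executable(path):
    """Report owner, mode and whether the current user may run the program."""
    st = os.stat(path)
    return {
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mode": stat.filemode(st.st_mode),  # same string as the first `ls -l` column
        "setuid": bool(st.st_mode & stat.S_ISUID),
        "setgid": bool(st.st_mode & stat.S_ISGID),
        "can_execute": os.access(path, os.X_OK),
    }


if __name__ == "__main__":
    print("SMTP on localhost:", probe_tcp("127.0.0.1", 25))
    path = "/usr/local/bin/setuidgid"  # path taken from the quoted error message
    if os.path.exists(path):
        print(describe_executable(path))
    else:
        print(path, "not found")
```

Run it as the same user that starts the `qt` script, since `can_execute` is evaluated for the calling user.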

