On Wed, 20 Sep 2006 17:29:26 -0700 Frank Cusack fcusack@fcusack.com wrote:
On September 20, 2006 11:10:37 PM +0200 Milan Holzäpfel listen@mjh.name wrote:
Hi.
On Wed, 20 Sep 2006 14:24:25 -0400 Michael Blinn mblinn@peopleplaces.org wrote:
I wonder if this is a permissions problem with the dspam executable. It is
-r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
In case you don't know: this means that the group the dspam executable is running as is changed to mail on execution, and only root or members of the group mail may execute it at all.
Just root. It would need g+r for group mail to execute it.
You can execute an ELF (binary) executable without being able to read it. (Not the case for a perl script e.g., as the interpreter has to read the script, but for such script sticky bits normally don't matter anyway) If the permissions read -r-x--S--- (aka 2500), only root could execute it.
On my system dspam is 02555 root:mail. I don't know if that's the default or if I tweaked it; probably the latter.
Question is whether the mail group is necessary / a good idea / possibly a security risk if anyone may run dspam with that group. As mentioned, not knowing dspam I have no idea on that...
Regards, Milan