Peter Palmreuther wrote:
> Not 'probably', for sure. vchkpw ain't able to open a lock
> file and therefore refuses to continue writing IP to open-smtp.
> 
>> -rw-r--r--  1 vpopmail  vchkpw     0 Jan 15 15:40 open-smtp
>> -rw-r--r--  1 root      wheel      0 Jan 15 01:22 open-smtp.lock
> Returning to your problem: in line 188 of your dump I see:
> 
>>  16072 vchkpw   CALL  geteuid
>>  16072 vchkpw   RET   geteuid 89/0x59
> 
> So your vchkpw is run as 'vpopmail'. But the lock file is
> owned by (and write restricted to) root. I don't see a setuid
> call in your run script, so: any of vpopmail binaries set the
> setuid bit? What's the output of
> 
> ls -l /home/vpopmail/bin/*
> 
> Any '-u 89' anywhere in your startup script? Any other
> possible 'change user ID' mechanism?

Vpopmail: -u 89
Vchkpw: -g 89

observe# ls -l /home/vpopmail/bin/*
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/clearopensmtp
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vaddaliasdomain
-rwx--x--x  1 vpopmail  vchkpw   69632 Jan 12 12:13 /home/vpopmail/bin/vadddomain
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vadduser
-rwx--x--x  1 vpopmail  vchkpw   69632 Jan 12 12:13 /home/vpopmail/bin/valias
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vchangepw
-rwx--x--x  1 vpopmail  vchkpw   73728 Jan 12 12:13 /home/vpopmail/bin/vchkpw
-rwx--x--x  1 vpopmail  vchkpw  208734 Jan 12 01:08 /home/vpopmail/bin/vchkpw-noroaming
-rwx--x--x  1 vpopmail  vchkpw   69632 Jan 12 12:13 /home/vpopmail/bin/vconvert
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vdeldomain
-rwx--x--x  1 vpopmail  vchkpw   73728 Jan 12 12:13 /home/vpopmail/bin/vdelivermail
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vdeloldusers
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vdeluser
-rwx--x--x  1 vpopmail  vchkpw   69632 Jan 12 12:13 /home/vpopmail/bin/vdominfo
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vipmap
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vkill
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vmkpasswd
-rwx--x--x  1 vpopmail  vchkpw   77824 Jan 12 12:13 /home/vpopmail/bin/vmoddomlimits
-rwx--x--x  1 vpopmail  vchkpw   69632 Jan 12 12:13 /home/vpopmail/bin/vmoduser
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vpasswd
-rwx--x--x  1 vpopmail  vchkpw   69632 Jan 12 12:13 /home/vpopmail/bin/vpopbull
-rwx--x--x  1 vpopmail  vchkpw   73728 Jan 12 12:13 /home/vpopmail/bin/vqmaillocal
-rwx--x--x  1 vpopmail  vchkpw   65536 Jan 12 12:13 /home/vpopmail/bin/vsetuserquota
-rwx--x--x  1 vpopmail  vchkpw   69632 Jan 12 12:13 /home/vpopmail/bin/vuserinfo

> Nonetheless you can try to delete open-smtp.lock, maybe (if
> '/home/vpopmail/etc' permits UID 89 to create a new file)
> this already solves your problem.

I've deleted my open-smtp.lock, and I've tried to download emails from
pop3-ssl, but my ktrace says the same:

[...]
 29540 vchkpw   NAMI  "/home/vpopmail/domains/nesys.it/test/lastauth"
 29540 vchkpw   RET   chown 0
 29540 vchkpw   CALL  gettimeofday(0xcfbfd58c,0)
 29540 vchkpw   RET   gettimeofday 0
 29540 vchkpw   CALL  open(0x833c,0x602,0x1b6)
 29540 vchkpw   NAMI  "/home/vpopmail/etc/open-smtp.lock"
 29540 vchkpw   RET   open -1 errno 13 Permission denied
 29540 vchkpw   CALL  setgid(0x59)
 29540 vchkpw   RET   setgid 0
 29540 vchkpw   CALL  setuid(0x59)
 29540 vchkpw   RET   setuid 0
 29540 vchkpw   CALL  chdir(0x12c22)
 29540 vchkpw   NAMI  "/home/vpopmail/domains/nesys.it/test"
 29540 vchkpw   RET   chdir 0
 29540 vchkpw   CALL  close(0xffffffff)
 29540 vchkpw   RET   close -1 errno 9 Bad file descriptor
 29540 vchkpw   CALL  execve(0xcfbfd9d2,0xcfbfd97c,0x16000)
 29540 vchkpw   NAMI  "/var/qmail/bin/qmail-pop3d"
 29540 qmail-pop3d EMUL  "native"
 29540 qmail-pop3d RET   execve 0
 29540 qmail-pop3d CALL  open(0x10e5,0,0)
 29540 qmail-pop3d NAMI  "/usr/libexec/ld.so"
 29540 qmail-pop3d RET   open 3
 29540 qmail-pop3d CALL  read(0x3,0xcfbfd984,0x20)
[...]

... Oops ... now I've seen the problem!
observe# ls -la
total 8
drwxr-xr-x  8 root      wheel    512 Jan 12 01:10 .
drwxr-xr-x  5 root      wheel    512 Dec 11 09:23 ..
drwxr-xr-x  2 vpopmail  vchkpw  1024 Jan 12 12:13 bin
drwxr-xr-x  4 vpopmail  vchkpw   512 Jul 15  2003 doc
drwx------  8 vpopmail  vchkpw   512 Dec 23 00:45 domains
drwxr-xr-x  2 root      wheel    512 Jan 15 17:10 etc
drwxr-xr-x  2 vpopmail  vchkpw   512 Jan 12 12:13 include
drwxr-xr-x  2 vpopmail  vchkpw   512 Jan 12 12:13 lib

The etc directory is the problem, I think. Right?
What's the right permission?

My etc dir:
observe# ls -la
total 10
drwxr-xr-x  2 root      wheel    512 Jan 15 17:10 .
drwxr-xr-x  8 root      wheel    512 Jan 12 01:10 ..
-rw-r--r--  1 root      wheel     25 Jan 12 12:13 inc_deps
-rw-r--r--  1 root      wheel     34 Jan 12 12:13 lib_deps
-rw-r--r--  1 vpopmail  vchkpw     0 Jan 15 16:40 open-smtp
-rw-r--r--  1 root      wheel    454 Jan 12 01:07 tcp.smtp
-rw-r--r--  1 root      wheel   2352 Jan 15 17:10 tcp.smtp.cdb
-rw-r--r--  1 vpopmail  vchkpw  1107 Jan 12 01:09 vlimits.default

Now all's ok?

Thanks
Andrea
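
The ktrace reading done by hand in this thread, as an added example that is not part of the original messages: a small parser that pairs each failing `RET` line with the path (`NAMI`) and arguments (`CALL`) of the same syscall. The function name `failed_syscalls` is hypothetical, the sample lines are copied from the excerpt above, and the `O_CREAT` value is the BSD one, assumed because the trace comes from a BSD ktrace.

```python
import re

# Lines copied from the kdump excerpt in the message above (not constructed).
SAMPLE = """\
 29540 vchkpw   NAMI  "/home/vpopmail/domains/nesys.it/test/lastauth"
 29540 vchkpw   RET   chown 0
 29540 vchkpw   CALL  open(0x833c,0x602,0x1b6)
 29540 vchkpw   NAMI  "/home/vpopmail/etc/open-smtp.lock"
 29540 vchkpw   RET   open -1 errno 13 Permission denied
 29540 vchkpw   CALL  setgid(0x59)
 29540 vchkpw   RET   setgid 0
 29540 vchkpw   CALL  close(0xffffffff)
 29540 vchkpw   RET   close -1 errno 9 Bad file descriptor
"""

LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(CALL|NAMI|RET)\s+(.*)$")
FAIL = re.compile(r"^(\w+) -1 errno (\d+) (.+)$")
O_CREAT = 0x0200  # BSD <fcntl.h> value (assumption: trace is from a BSD system)

def failed_syscalls(kdump_text):
    """Pair each failing RET with the paths (NAMI) and args (CALL) of its syscall."""
    state = {}     # pid -> {"args": [...], "paths": [...]} for the call in flight
    failures = []
    for raw in kdump_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue   # "[...]" markers, EMUL lines, blank lines
        pid, proc, kind, rest = m.groups()
        cur = state.setdefault(pid, {"args": [], "paths": []})
        if kind == "CALL":
            inside = rest.partition("(")[2].rstrip(")")
            state[pid] = {"args": inside.split(",") if inside else [], "paths": []}
        elif kind == "NAMI":
            cur["paths"].append(rest.strip('"'))
        else:  # RET closes the call in flight for this pid
            state.pop(pid)
            f = FAIL.match(rest)
            if f:
                name, errno, msg = f.groups()
                # open() with O_CREAT needs write permission on the directory
                creating = (name == "open" and len(cur["args"]) > 1
                            and bool(int(cur["args"][1], 16) & O_CREAT))
                failures.append({"proc": proc, "syscall": name, "errno": int(errno),
                                 "error": msg, "paths": cur["paths"], "creating": creating})
    return failures

if __name__ == "__main__":
    for failure in failed_syscalls(SAMPLE):
        print(failure)
```

A failure with `creating` set to true means the process was trying to create the file, so the permissions to check are those of the parent directory (here `/home/vpopmail/etc`) against the UID the process runs as.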
