Subject: key / crt permissions constantly
From: none
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Mon, 29 Jul 2024 10:55 UTC

I don't really get why I am confronted with sendmail thinking it knows
better how I should put permissions on my key and crt files.

Why do I even get this error, while the permissions are just fine?

file /home/acme/test.cer unsafe: Permission denied

-rw-r-----+ 1 acme acme 1972 Jul 29 00:10 test.cer
and
-rw-r--r--+ 1 acme acme 1972 Jul 29 00:10 test.cer
and
-rw-r--r--+ 1 acme root 1972 Jul 29 00:10 test.cer

Besides that, who cares about certs, these are even distributed insecurely.

How can I turn off any permissions checks on key/crt files?

(I already have this
define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl )

Subject: Re: key / crt permissions constantly
From: Marco Moock
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Mon, 29 Jul 2024 12:10 UTC
References: 1

On 29.07.2024 um 12:55 Uhr none wrote:

> I don't really get why I am confronted with sendmail thinking it
> knows better how I should put permissions on my key and crt files.

Sometimes users have default permissions of o+r, which means other
users on the system can read the stuff. For key files, this is really,
really bad, so sendmail warns you.

What is the message you receive in your case here?
Doesn't the confDONT_BLAME_SENDMAIL stop emitting that error?

--
kind regards
Marco

Send spam to 1722250500muell@cartoonies.org

Subject: Re: key / crt permissions constantly
From: none
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Mon, 29 Jul 2024 13:28 UTC
References: 1 2

>
>> I don't really get why I am confronted with sendmail thinking it
>> knows better how I should put permissions on my key and crt files.
>
> Sometimes users have default permissions of o+r, which means other
> users on the system can read the stuff. For key files, this is really,
> really bad, so sendmail warns you.
>
> What is the message you receive in your case here?
> Doesn't the confDONT_BLAME_SENDMAIL stop emitting that error?
>

If I search on this, I only find this argument. Are there more options I
can give it? I assume from this option name that it is only related to
key files.
define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl

Subject: Re: key / crt permissions constantly
From: HQuest
Newsgroups: comp.mail.sendmail
Organization: novaBBS
Date: Mon, 29 Jul 2024 15:26 UTC
References: 1 2

On Mon, 29 Jul 2024 12:10:35 +0000, Marco Moock wrote:

> Sometimes users have default permissions of o+r, which means other
> users on the system can read the stuff. For key files, this is really,
> really bad, so sendmail warns you.

Might be bad but this is also a problem when you have multiple daemons
running under different users/groups and they share one single
certificate and key, hence the reason for an o+r file. Sure, one can copy
those files everywhere on the filesystem and set up their permissions to
fit the application, but is this copy everywhere really the best
alternative?

Subject: Re: key / crt permissions constantly
From: Marco Moock
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Mon, 29 Jul 2024 15:31 UTC
References: 1 2 3

On 29.07.2024 um 15:28 Uhr none wrote:

> If I search on this, I only find this argument. Are there more options
> I can give it? I assume from this option name that it is only related
> to key files.
> define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl

define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')

Dunno if that is case-sensitive, maybe check that.

--
kind regards
Marco

Send spam to 1722259687muell@cartoonies.org

Subject: Re: key / crt permissions constantly
From: Claus Aßmann
Newsgroups: comp.mail.sendmail
Organization: MGT Consulting
Date: Mon, 29 Jul 2024 16:37 UTC
References: 1 2 3 4

Marco Moock wrote:

> define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')

> Dunno if that is case-sensitive, maybe check that.

(currently) it's not (grep GroupReadableKeyFile *.[ch] won't
even find a match in the source code).

Subject: Re: key / crt permissions constantly
From: Claus Aßmann
Newsgroups: comp.mail.sendmail
Organization: MGT Consulting
Date: Mon, 29 Jul 2024 17:51 UTC
References: 1

none wrote:

> -rw-r--r--+ 1 acme root 1972 Jul 29 00:10 test.cer

Do you use that file as
KeyFile
File containing the private key for the certificate.

> Besides that, who cares about certs, these are even distributed insecurely.

The error isn't about a cert, it's about "the private key".

> (I already have this
> define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl )

A "private key" shouldn't be readable by everyone.

If you need to "share" a private key between instances,
use group permissions.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Subject: Re: key / crt permissions constantly
From: none
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Mon, 29 Jul 2024 17:58 UTC
References: 1 2

>
>> I don't really get why I am confronted with sendmail thinking it
>> knows better how I should put permissions on my key and crt files.
>
> Sometimes users have default permissions of o+r, which means other
> users on the system can read the stuff. For key files, this is really,
> really bad, so sendmail warns you.
>

Currently it is about the cert, which everyone can download remotely.

If it was a warning I would not care, currently it stops using tls/ssl
(a bit older sendmail instance, still need to update this distro)

Subject: Re: key / crt permissions constantly
From: none
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Mon, 29 Jul 2024 19:29 UTC
References: 1 2

>
>> -rw-r--r--+ 1 acme root 1972 Jul 29 00:10 test.cer
>
> Do you use that file as
> KeyFile
> File containing the private key for the certificate.

No is also the certificate (unless that changed in recent versions)

>> Besides that, who cares about certs, these are even distributed insecurely.
>
> The error isn't about a cert, it's about "the private key".

No, because I was only changing permissions on the cert (unless it is
changed in newer distros). But I think I saw this behaviour also on
newer. Basically I can imagine maybe giving a warning on the key being
o+r but that also depends on parent dirs.
I also don't get why the owner needs to be root.

>> (I already have this
>> define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl )
>
> A "private key" shouldn't be readable by everyone.

My private key and cert are separate files.

> If you need to "share" a private key between instances,
> use group permissions.
>

Sendmail is reading keys/certs as root not? Before it drops privileges.

Anyway I prefer to see something where it is guaranteed that key and
cert are loaded and used no matter what. I don't think it is any
application's business to force how permissions are set on key/crt files.

Subject: Re: key / crt permissions constantly
From: Claus Aßmann
Newsgroups: comp.mail.sendmail
Organization: MGT Consulting
Date: Tue, 30 Jul 2024 07:12 UTC
References: 1 2 3

none wrote:

> No is also the certificate (unless that changed in recent versions)

It's time to get some real information...
What are the settings in your .cf file?

egrep -i '^O *[^ ]*(Cert|Key)File' /etc/mail/*cf

Subject: Re: key / crt permissions constantly
From: none
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Wed, 31 Jul 2024 20:47 UTC
References: 1 2 3 4

> egrep -i '^O *[^ ]*(Cert|Key)File' /etc/mail/*cf

/etc/mail/sendmail.cf:O DontBlameSendmail=groupreadablekeyfile
/etc/mail/sendmail.cf:O CACertFile=/etc/pki/tls/certs/ca-bundle.crt
/etc/mail/sendmail.cf:O ServerCertFile=/home/acme/......cer
/etc/mail/sendmail.cf:O ServerKeyFile=/home/acme/.......key

Subject: Re: key / crt permissions constantly
From: Claus Aßmann
Newsgroups: comp.mail.sendmail
Organization: MGT Consulting
Date: Thu, 1 Aug 2024 06:31 UTC
References: 1

none wrote:

> file /home/acme/test.cer unsafe: Permission denied

Which command triggers this error?
Please show the full command and the full logfile entry.
What are the permission/owner/group of the involved directories
( / /home /home/acme )?
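
The per-directory listing requested in the message above can be produced with a short script. This is an added example, not part of the thread and not sendmail code; the function names and the finding rules (writable path components, key readable by group or others) are assumptions based on the concerns raised in the thread, not sendmail's own checks.

```python
#!/usr/bin/env python3
"""List owner, group and mode for every path component of a TLS file.

Added example, not from the thread. The findings are assumed, simplified
rules based on the concerns raised above; they are not sendmail's own checks.
"""
import os
import stat
import sys


def path_chain(path):
    """Return each component from the filesystem root down to the file."""
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        chain.append(path)
    return chain[::-1]


def audit(path, is_key=False):
    """Return one dict per component: path, mode, uid, gid, findings."""
    rows = []
    chain = path_chain(path)
    for comp in chain:
        st = os.stat(comp)  # follows symlinks, like opening the file would
        perms = stat.S_IMODE(st.st_mode)
        findings = []
        if perms & stat.S_IWGRP:
            findings.append("group-writable")
        if perms & stat.S_IWOTH:
            findings.append("world-writable")
        if comp == chain[-1] and is_key:
            # A certificate is public; only the private key is secret.
            if perms & stat.S_IRGRP:
                findings.append("key readable by group")
            if perms & stat.S_IROTH:
                findings.append("key readable by others")
        rows.append({"path": comp, "mode": stat.filemode(st.st_mode),
                     "uid": st.st_uid, "gid": st.st_gid,
                     "findings": findings})
    return rows


def report(path, is_key=False):
    """Format the audit as text lines, one per path component."""
    lines = []
    for row in audit(path, is_key):
        note = ", ".join(row["findings"]) or "ok"
        lines.append("%s %5d %5d %s  [%s]" % (
            row["mode"], row["uid"], row["gid"], row["path"], note))
    return lines


if __name__ == "__main__":
    # Usage: script.py [--key] FILE  (FILE is a cert or, with --key, a key)
    targets = [a for a in sys.argv[1:] if a != "--key"]
    for target in targets:
        print("\n".join(report(target, "--key" in sys.argv)))
```

The `+` after the mode in the poster's `ls -l` output marks an ACL, which the mode bits alone do not show; `getfacl` lists those entries.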

Subject: Re: key / crt permissions constantly
From: none
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Thu, 1 Aug 2024 09:32 UTC
References: 1 2

>> file /home/acme/test.cer unsafe: Permission denied
>
> Which command triggers this error?
> Please show the full command and the full logfile entry.
> What are the permission/owner/group of the involved directories
> ( / /home /home/acme )?

I think I should do this again with an el9 version, I don't want to
waste anyone's time on details with something old.

I was more thinking about a general topic where users can just turn
these checks off and have sendmail just trust the groups / acls that it
has been given.
I don't think I have seen these checks with e.g. apache. This is more like
a design question, whether or not this is the responsibility of the
application or user.
Even if you have o+w files, if they are in a parent folder with o-rwx it
does not really matter.
