【mail错误】RunAsUser for MSP ignored 错误

用本文说的修改sendmail组权限的方法搞定了，不用stop和start sendmail

转自：http://www.cnblogs.com/yonge/articles/2300002.html

sendmail 不知道啥时候又不工作了，上次是 unknown user smmsp ，这回是 RunAsUser for MSP ignored ：

WARNING: RunAsUser for MSP ignored, check group ids (egid=502, want=51)
can not chdir(/var/spool/clientmqueue/): Permission denied
Program mode requires special privileges, e.g., root or TrustedUser.

据说是因为 sendmail 有时候会在对用户/组名进行对应的时候出错，所以需要把 /etc/mail/submit.cf 里面缺省的配置行

O RunAsUser=smmsp

改成直接使用 smmsp 对应的用户/组 ID的形式：

O RunAsUser=51:51

照方抓药，结果是错误依旧。看来这个问题应该是老版本 sendmail 的问题 ... OrZ

Google 来 Google 去，终于找到个新鲜的说法：

It would be worth a careful examination of ${SOURCE}/sendmail/SECURITY,
especially the recommended perms :

--- begin quote ---
-r-xr-sr-x root smmsp ... /PATH/TO/sendmail
drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue
drwx------ root wheel ... /var/spool/mqueue
-r--r--r-- root wheel ... /etc/mail/sendmail.cf
-r--r--r-- root wheel ... /etc/mail/submit.cf

[Notice: On some OS "wheel" is not used but "bin" or "root" instead,
however, this is not important here.]

That is, the owner of sendmail is root, the group is smmsp, and the binary
is set-group-ID. The client mail queue is owned by smmsp with group smmsp
and is group writable. The client mail queue directory must be writable by
smmsp, but it must not be accessible for others. That is, do not use world
read or execute permissions. In submit.cf the option UseMSP must be set,
and QueueFileMode must be set to 0660.
--- end quote ---

检查下来，clientmqueue 和 mqueue 目录的权限都没问题，唯独 sendmail 的主程序经过了几次 link ：

which sendmail
/usr/sbin/sendmail    -> /etc/alternatives/mta
/etc/alternatives/mta -> /usr/sbin/sendmail.sendmail

而这个 /usr/sbin/sendmail.sendmail 的权限竟然是

-rwxr-xr-x 1 root root ... /usr/sbin/sendmail.sendmail

于是

chown root.smmsp /usr/sbin/sendmail.sendmail
chmod g+s /usr/sbin/sendmail.sendmail
/etc/init.d/sendmail stop
/etc/init.d/sendmail start

再尝试发邮件，搞定。

 

yong自己的截图：