open(/var/dcc/map): Permission denied

Vernon Schryver vjs@rhyolite.com
Wed Sep 21 16:45:24 UTC 2011


> From: "Aldo Necci" <necci@dia.uniroma3.it>

> OK. The UID is root and that file is private:
> -rw-------. 1 root root 7668 Sep 21 17:21 /var/dcc/map

> I have done all. But the problem is still there:
> dccproc[9126]: open(/var/dcc/map): Permission denied
>
> The dccproc file is:
> -r-sr-xr-x. 1 root bin 496487 Sep 21 17:21 /usr/local/bin/dccproc

What is the significance of the period (.) after the permission bits?


Just now I tried:
   pax -rzf ...
   cd dcc-1.3.*
   ./configure --homedir=/tmp/dcc --bindir=/tmp/dcc/bin --mandir=/tmp/dcc
   make install

That made:
  -r-sr-xr-x  1 root  wheel  919480 Sep 21 16:18 bin/dccproc*
  -rw-------  1 root  wheel    7668 Sep 21 16:18 map

I see no problems with dccproc:
    % bin/dccproc -C
    asdf: asdf

    asdf
    X-DCC--Metrics: calcite.rhyolite.com 0; Body=1
				reported: 1               checksum
		   Message-ID: d41d8cd9 8f00b204 e9800998 ecf8427e

Does the `cdcc` command also fail?  Cdcc is also installed set-UID
too the --with-uid value.

Is /usr/local/bin be mounted with an option that turns off set-UID
or set-UID=0?

Is it possible that that the dccproc used by SpamAssassin (or
whatever) is not /usr/local/bin/dccproc but some other file such
as /usr/etc/bin/dccproc?   If SpamAssassin is involved, is
SpamAssassin configured to use /usr/local/bin/dccproc?

Are you doing anything with "jails" or chroot in mail processing?

What happens with a manual invocation of dccproc like mine above?

It seems likely that the problem is related to something unique about
your system or DCC installation.  I think there are many installations
of version 1.3.140 using the default setting of root for --with-uid.

   ....


} From: "John R. Levine" <johnl@iecc.com>

} > OK. The UID is root and that file is private:
} > -rw-------. 1 root root 7668 Sep 21 17:21 /var/dcc/map
}
} The dcc process usually runs as user "dcc", so the file should belong to
} dcc, not to root.
}
} This is a familiar problem when an update doesn't work quite right.

Yes, but dccproc runs as "dcc" (or some other user) only after an original
use of `./configure --with-uid=dcc` or a later use of
`/var/dcc/libexec/udpatedcc -c '--with-uid=dcc'`
Many people feel strongly about not running the DCC programs as root,
but many others don't.

In this case, dccproc appears to be set-UID root and /var/dcc/map 
seems to be readable and writable by root.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.