Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

chmod | 9 comments | Create New Account
Click here to return to the 'chmod' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Authored by: xchanyazy on Apr 22, '02 11:20:21AM

Instead of doing this, you could just chmod g-w /, /etc, /etc/mail. The only problem is that apple seems to reset the permissions on / at every update. Still, as I understand it, it's better to change the directories to group non-writable than it is to add in the DontBlameSendmail stuff.

[ Reply to This | # ]
chmod (aka fix sendmail permission permanently)
Authored by: bluehz on Apr 22, '02 03:32:35PM

I was having lots of problems with the permissions on / being reset on a regular basis and I belive I finally discovered and fixed the culprit. Seems the cron daily task has a line in it that resets the permissions each time back to non-group writable.

I fixed it by opening /private/etc/daily and modifying the line that reads:

touch "${i}" && chmod 600 "${i}"

changed it to:

touch "${i}" && chmod 640 "${i}"

and I have not had any problems since.

Also - you don't necessarily have to "activate" sendmail to get it to work on an "as needed" basis - you just have to fix the permissions as above. A good example if this is the fact that I do not keep sendmail process running all the time - yet the crontab status reports are mailed out as needed by calling sendmail - so it is activated on an "as needed" basis and then retired again.

If you want to delve into the mail server realm I would recommend Postfix and Qpopper instead - supposedly much more secure.

[ Reply to This | # ]
Authored by: vonleigh on Apr 23, '02 05:50:24AM

Another idea is to modify /System/Library/StartupItems/Sendmail/Sendmail and add the following lines:

chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

Now the permissions get right every time sendmail starts up (actually, put it before the command that starts up sendmail).


[ Reply to This | # ]