NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2000-05

Subject: Re: Problem with spawned command
From: Lutz Jaenicke (Lutz.Jaenickeaet.TU-Cottbus.DE)
Date: Thu May 04 2000 - 04:26:04 CDT

Next message: Jozsef Kadlecsik: "Per user UCE patch, revised"
Previous message: Erik Pras: "Re: Problem with spawned command"
In reply to: Erik Pras: "Re: Problem with spawned command"
Reply: Lutz Jaenicke: "Re: Problem with spawned command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 04, 2000 at 10:12:01AM +0200, Erik Pras wrote:
> On Wed, May 03, 2000 at 08:06:24PM -0700, Patrick J. Lawrence wrote:
> > May 3 16:27:00 crabtree postfix/local[21570]: fatal: setuid(-2): In
> > valid argument
> > May 3 16:27:01 crabtree postfix/local[21569]: 16C3F82AF: to=<ucdirt
> > crabtree.ucdavis.edu>, relay=local, delay=1, status=bounced (Comman
> > d died with status 1: "/opt/request/req-1.2/etc/req-mailgate")
>
> As far as I remember I had the similar error on some 10.20 boxes, which
> had the following NIS entry in the password file:
> +::-2:60001:::
>
> When I replaced this with the following things started to work
> +:*:0:0:::
>
> BTW: these machines were installed via an ignite server, which was setup
> by our former sysadmin, so I have no idea whether this is the default
> HP-UX passwd entry for NIS clients.

+::-2:60001:::

is the default entry for HP-UX. It is intented to be used in the case of
failure of NIS, when somebody tries to enter with "+" as a user name
(if memory serves me right :-).

Well, in any case the original poster should never meet the "-2". I would
rather suspect that his "req-mailgate" command is to be run with something
like "nobody" privileges and the password entry for this user is
nobody:*:-2:....
I had trouble like this with Apache, too. It won't run with the normal
"nobody == -1" setup and I had to create a "nobody1 == 29999" to achive
a similar "nobody" effect without using negative uids.
[The same holds for the group id, so be prepared to realize a "nogroup1"]

serv01 40: grep nobody /etc/passwd
nobody:*:-2:60001::/:
nobody1:*:29999:29999::/:
serv01 41: grep nogroup /etc/group
nogroup:*:-2:
nogroup1:*:29999:

Best regards,
Lutz

-- 
Lutz Jaenicke                             Lutz.Jaenickeaet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

Next message: Jozsef Kadlecsik: "Per user UCE patch, revised"
Previous message: Erik Pras: "Re: Problem with spawned command"
In reply to: Erik Pras: "Re: Problem with spawned command"
Reply: Lutz Jaenicke: "Re: Problem with spawned command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]