Debugging Sendmail Permission Issues

(Doc ID 1001806.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 8.0 to 11.1 [Release 8.0 to 11.0]
All Platforms
***Checked for relevance on 21-May-2014***

Goal

Sendmail may fail to start if bad file (directory) permissions are detected, generating "file class: cannot open : Group writable directory" messages in /var/adm/messages or /var/log/syslog and the /var/svc/log/network-smtp:sendmail.log (Solaris 10 and above) file.

In case sendmail is being used on Solaris 10 or above its SMF service may be in maintenance mode.

Examples:

Extract of /var/adm/messages or /var/log/syslog :

...
Jan 30 03:17:34 oma3s025 sendmail[8608]: [ID 801593 mail.crit] NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 561: fileclass: cannot open '/etc/mail/trusted-users': Group writable directory
Jan 25 10:19:44 oma3s025 sendmail[6906]: [ID 801593 mail.crit] NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 80: fileclass: cannot open '/etc/mail/local-host-names': Group writable directory
...

Extract of /var/svc/log/network-smtp:sendmail.log :

...
451 4.0.0 /etc/mail/sendmail.cf: line 80: fileclass: cannot open '/etc/mail/local-host-names': World writable directory
451 4.0.0 /etc/mail/sendmail.cf: line 572: fileclass: cannot open '/etc/mail/trusted-users': World writable directory
[ Dec 2 13:33:55 Stopping because all processes in service exited. ]
[ Dec 2 13:33:55 Executing stop method ("/lib/svc/method/smtp-sendmail stop 631") ]
[ Dec 2 13:33:55 Method "stop" exited with status 0 ]
[ Dec 2 13:33:56 Executing start method ("/lib/svc/method/smtp-sendmail start") ]
/etc/mail/sendmail.cf: line 80: fileclass: cannot open '/etc/mail/local-host-names': World writable directory
/etc/mail/sendmail.cf: line 572: fileclass: cannot open '/etc/mail/trusted-users': World writable directory
WARNING: World writable directory /
[ Dec 2 13:33:56 Method "start" exited with status 0 ]
...

Beginning with version 8.9.0, sendmail has tightened the rules used for opening files. Sendmail now checks the modes and ownership of the files and the directory path leading up to that file to prevent users from taking advantage of overly permissive modes on directories and files.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms