On Tue, 2008-08-12 at 12:38 +0300, Jussi Hirvi wrote: > Ralph Angenendt (ra+centos at br-online.de) kirjoitteli (12.8.2008 12:21): > >> Thanks for quick reply. That didn't help yet. The error message in maillog > >> is still the same: "sendmail.pem unsafe: Permission denied". The directory > >> perms are now: > >> [root at mail mail]# ls -ld / /etc /etc/mail /etc/mail/certs > >> drwxr-xr-x 24 root root 4096 Mar 29 2007 / > >> drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc > >> drwxr-xr-x 5 root root 4096 Aug 12 12:14 /etc/mail > >> dr-x------ 2 mail mail 4096 Aug 11 14:42 /etc/mail/certs > > > > IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too > > wide still. > > On another machine (Fecore Core 3, Sendmail 8.13) the /etc/mail perms are > 755 too, and it works - thoug there is no SMTP-AUTH on that machine. > > I tried it, but the error message in maillog persists after Sendmail > restart. The perms are now: > > [root at mail mail]# ls -ld / /etc /etc/mail /etc/mail/certs > drwxr-xr-x 24 root root 4096 Mar 29 2007 / > drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc > drwx------ 5 root root 4096 Aug 12 12:37 /etc/mail > dr-x------ 2 mail mail 4096 Aug 11 14:42 /etc/mail/certs > [root at mail mail]# ls -l /etc/mail/certs/ > total 1924 > -rw------- 1 mail mail 1371 Aug 11 12:15 cacert.pem > -rw------- 1 mail mail 963 Aug 11 12:15 cakey.pem > -rw-r--r-- 1 root root 1952422 Aug 11 14:26 revoke.crl > -rw------- 1 mail mail 2258 Aug 11 12:16 sendmail.pem > > I cannot help thinking that this is *not* actually about the permissions - > it must be about something else. In addition to doing 'chmod u-w sendmail.pem', change the ownership to root:root on all of those files... sendmail drops privs down to smmsp by default... -I