まず 何処かの場所で 展開しよう
# pwd /usr/local/src/002_sendmail # ls -l | sed -e 1d -rw------- 1 aruuser users 2010975 Dec 10 22:47 sendmail.8.13.8.tar.gz -rw------- 1 aruuser users 152 Dec 10 22:46 sendmail.8.13.8.tar.gz.sig
いつものぐち 何も ここで やる 必要は 無いのだけれど また root さんが やる必要も 無 いようなのですが ということで
# df Filesystem 1k-blocks Used Available Use% Mounted on /dev/sda5 4960464 3037328 1667088 65% / /dev/sda8 2822080 1311320 1367404 49% /var/data # tar zxvf sendmail.8.13.8.tar.gz 2>&1 | tee untar_send # df Filesystem 1k-blocks Used Available Use% Mounted on /dev/sda5 4960464 3045892 1658524 65% / /dev/sda8 2822080 1311324 1367400 49% /var/data # ls sendmail-8.13.8/ sendmail.8.13.8.tar.gz sendmail.8.13.8.tar.gz.sig untar_send
展開が終わったので 出来た ディレクトリに 移動して 少し 見ておこう
# cd sendmail-8.13.8/ # ls Build* Makefile devtools/ libsmdb/ rmail/ CACerts PGPKEYS doc/ libsmutil/ sendmail/ FAQ README editmap/ mail.local/ smrsh/ INSTALL RELEASE_NOTES include/ mailstats/ test/ KNOWNBUGS cf/ libmilter/ makemap/ vacation/ LICENSE contrib/ libsm/ praliases/
まず README の 抜粋
1. Read this README file, especially this introduction, and the DIRECTORY
PERMISSIONS sections.
2. Read the INSTALL file in this directory.
3. Read sendmail/README, especially:
a. the introduction
b. the BUILDING SENDMAIL section
c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
You may also find these useful:
d. sendmail/SECURITY
e. devtools/README
f. devtools/Site/README
g. libmilter/README
h. mail.local/README
i. smrsh/README
4. Read cf/README.
...
+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+
Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted. For sendmail to run without
complaining, you MUST execute the following command:
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool). If you set the RunAsUser option in your sendmail.cf, the
/var/spool/mqueue directory will have to be owned by the RunAsUser user.
As a general rule, after you have compiled sendmail, run the command
sendmail -v -bi
to initialize the alias database. If it gives messages such as
WARNING: writable directory /etc
WARNING: writable directory /var/spool/mqueue
then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.
...
...
TrustedUser option. Changing the permissions to be only readable and
writable by that user is sufficient to avoid the denial of service.
For example, depending on the paths you use, these commands would be
used:
chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
chmod 0640 /etc/mail/*.{db,pag,dir}
chmod 0640 /etc/mail/statistics /var/log/sendmail.st
chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
If the permissions 0640 are used, be sure that only trusted users belong
to the group assigned to those files. Otherwise, files should not even
be group readable. As of sendmail 8.12.4, the permissions shown above
are the default permissions for newly created files.
...
最後に sendmail-8.13.8/README は このようなもの 上記は 抜粋 ということです。ただ 見ただけで 内容を 理解しているわけでは ありません。
にゃんたろう 拝!
2006年12月12日 (火) 21:48:15 JST 作成