From: Nicole Skyrca (nskyrca@syr.edu)
Date: Wed Aug 08 2007 - 10:35:58 EDT
Hello,
We have a perl (v 5.8.4) script that gets executed when users send email
to an email alias on a Solaris 10 machine. This script uses Oracle
modules (dbd-oracle 1.19) to access an Oracle 10 database. We are
having problems getting this script to work with the alias.
The user who I'm helping said that the script ran ok as root from the
command line, but not with the alias.
The alias for it in /etc/aliases is as follows:
eg: "|/apps/syrApps/egate/bin/eg.pl"
To test, I did a truss on the sendmail process and the processes it
forks, and sent email to the alias. Right after the call to the
DBD:Oracle module, I saw an error "
Err#13 EACCES [file_dac_search]" for the files
/apps/oracle/product/10.2.0/lib/libclntsh.so.10.1 and
/apps/oracle/product/10.2.0/lib32/libclntsh.so.10.1.
The "file_dac_search" indicates a permission problem. Both of these lib
directories have permissions 750. So, I temporarily changed
/apps/oracle/product/10.2.0/lib/ to 755, ran another test, and saw
different output for that call in truss, but still an error for the
lib32 directory. If we change the permissions of all of the files in
the the Oracle client install directory to 775, sending email to the
alias works.
Obviously that is not a good solution. I tried putting the sendmail
"smmsp" user in the "oinstall" group, but that did not help. I think the
problem might have to do with the Solaris 10 principle of least
privileges or role based access control, but I'm not sure. I just
started reading about these and am not familiar with them.
Does anyone have any suggestions on how to fix this?
Thanks,
Nicole
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:11 EDT