search

smtpd / qpsmtpd

qpsmtpd is a flexible smtpd daemon written in Perl
http://smtpd.github.io/qpsmtpd/
MIT License
138 stars 75 forks source link

Permission denied when running as non-root user #306

Closed STOIE closed 1 year ago

STOIE commented 2 years ago

Hi all,

Sorry about the incredibly generic title, but I really do hope there is something generic that I'm missing which is causing this. First, what I'm running:

Oracle Linux 8.6 SElinux enabled enforcing (but have also tried disabled)

I have qpsmtpd running with the following:

/usr/bin/perl -I/opt/qpsmtpd/lib -Tw /opt/qpsmtpd/qpsmtpd-forkserver --detach -p 2525 -l 127.0.0.1 -m 500 --user root --pid-file /run/qpsmtpd.pid

However, if I try to run it as a non-root user, eg. postfix, I get permission denied as per below (this is with full debug enabled).

Things I have tried, as mentioned checking audit.log and find no denied errors (I mean there were originally some that I have worked through), audit2allow -a is much the same. I've changed pems (recursively) on the /usr/share/perl5/vendor_perl/Net directory to 777 to no avail, so switched back. I've then done the same chmod -R 777 on /usr/share/perl5/vendor_perl still no dice - switched back.

I also tried copying the /usr/share/perl5/vendor_perl/Net directory and placing it under /opt/qpsmtpd/lib as that is specified as a lib location as you can see from my forkserver line above, paths in the error message below change to /opt/qpsmtpd/lib, but still the exact same error.

I've looked into the FATAL PROGRAM ERROR bug and can't see anything I can really do there or why I'm having the issue I am (also considering root works... I think it's unrelated).

I also ran a lsof with the qpsmtpd service stopped, then again with it running and have diffed the two outputs, but nothing obvious stands out... output is also included below.

I'm pretty much out of ideas, any help would be appreciated.

***  FATAL PROGRAM ERROR!!      Unknown instance method 'size'
***  which the program has attempted to call for the object:
***
.       IN      OPT      ; no data
***
***  THIS IS A BUG IN THE CALLING SOFTWARE, which incorrectly assumes
***  that the object would be of a particular type.  The type of an
***  object should be checked before calling any of its methods.
***
Can't locate Net/DNS/RR/OPT.pm:   lib/Net/DNS/RR/OPT.pm: Permission denied at (eval 46) line 1.
Net::DNS::RR 1611 at /usr/share/perl5/vendor_perl/Net/DNS/Resolver/Base.pm line 1013.
 Net::DNS::Resolver::Base::_make_query_packet(Net::DNS::Resolver=HASH(0x5637a206d560), "127.0.0.1", "PTR") called at /usr/share/perl5/vendor_perl/Net/DNS/Resolver/Base.pm line 406
 Net::DNS::Resolver::Base::send(Net::DNS::Resolver=HASH(0x5637a206d560), "127.0.0.1", "PTR") called at /usr/share/perl5/vendor_perl/Net/DNS/Resolver/Base.pm line 378
 Net::DNS::Resolver::Base::query(Net::DNS::Resolver=HASH(0x5637a206d560), "127.0.0.1", "PTR") called at /opt/qpsmtpd/lib/Qpsmtpd/Base.pm line 108
 Qpsmtpd::Base::resolve_ptr(Qpsmtpd::Base=HASH(0x5637a1ea6360), "127.0.0.1") called at /opt/qpsmtpd/lib/Qpsmtpd/TcpServer.pm line 198
 Qpsmtpd::TcpServer::tcpenv(Qpsmtpd::TcpServer=HASH(0x5637a1fc25f8), "127.0.0.1", "127.0.0.1") called at /opt/qpsmtpd/qpsmtpd-forkserver line 304

lsof diff, running qpsmtpd as root to try and see what qpsmtpd is touching:

# diff /tmp/lsof_stopped /tmp/lsof_started |grep -v lsof
778c778
< auditd        951                      root    6w      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> auditd        951                      root    6w      REG              252,3   4140877        157 /var/log/audit/audit.log
817c817
< auditd        951     952 auditd       root    6w      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> auditd        951     952 auditd       root    6w      REG              252,3   4140877        157 /var/log/audit/audit.log
856c856
< auditd        951     954 auditd       root    6w      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> auditd        951     954 auditd       root    6w      REG              252,3   4140877        157 /var/log/audit/audit.log
2367a2368
> sssd_nss     1025                      root   53u     unix 0xffff9ba6990a6400       0t0   32424851 /var/lib/sss/pipes/nss type=STREAM
3489c3490
< splunkd      1166                      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166                      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
3578c3579
< splunkd      1166    1186 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1186 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
3667c3668
< splunkd      1166    1193 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1193 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
3756c3757
< splunkd      1166    1244 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1244 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
3845c3846
< splunkd      1166    1265 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1265 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
3934c3935
< splunkd      1166    1517 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1517 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4023c4024
< splunkd      1166    1518 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1518 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4112c4113
< splunkd      1166    1520 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1520 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4201c4202
< splunkd      1166    1521 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1521 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4290c4291
< splunkd      1166    1522 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1522 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4379c4380
< splunkd      1166    1523 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1523 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4468c4469
< splunkd      1166    1526 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1526 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4557c4558
< splunkd      1166    1527 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1527 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4646c4647
< splunkd      1166    1536 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1536 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4735c4736
< splunkd      1166    1537 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1537 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4824c4825
< splunkd      1166    1538 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1538 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
4913c4914
< splunkd      1166    1541 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1541 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5002c5003
< splunkd      1166    1545 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1545 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5091c5092
< splunkd      1166    1553 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1553 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5180c5181
< splunkd      1166    1560 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1560 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5269c5270
< splunkd      1166    1562 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1562 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5358c5359
< splunkd      1166    1563 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1563 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5447c5448
< splunkd      1166    1564 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1564 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5536c5537
< splunkd      1166    1568 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1568 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5625c5626
< splunkd      1166    1569 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1569 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5714c5715
< splunkd      1166    1572 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1572 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5803c5804
< splunkd      1166    1573 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1573 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5892c5893
< splunkd      1166    1579 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1579 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
5981c5982
< splunkd      1166    1588 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1588 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6070c6071
< splunkd      1166    1595 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1595 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6159c6160
< splunkd      1166    1604 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1604 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6248c6249
< splunkd      1166    1606 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1606 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6337c6338
< splunkd      1166    1621 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1621 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6426c6427
< splunkd      1166    1638 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1638 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6515c6516
< splunkd      1166    1645 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1645 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6604c6605
< splunkd      1166    1652 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1652 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6693c6694
< splunkd      1166    1657 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1657 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6782c6783
< splunkd      1166    1664 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1664 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6871c6872
< splunkd      1166    1665 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1665 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
6960c6961
< splunkd      1166    1672 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1672 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
7049c7050
< splunkd      1166    1673 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    1673 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
7138c7139
< splunkd      1166    3044 splunkd      root   46r      REG              252,3   4140619        157 /var/log/audit/audit.log
---
> splunkd      1166    3044 splunkd      root   46r      REG              252,3   4140877        157 /var/log/audit/audit.log
7299c7300
< rsyslogd    44075                      root   12w      REG              252,3   4308360        804 /var/log/messages
---
> rsyslogd    44075                      root   12w      REG              252,3   4309780        804 /var/log/messages
7301c7302
< rsyslogd    44075                      root   14w      REG              252,3    614472        811 /var/log/qpsmtpd/qpsmtpd.log
---
> rsyslogd    44075                      root   14w      REG              252,3    614864        811 /var/log/qpsmtpd/qpsmtpd.log
7363c7364
< rsyslogd    44075   44076 in:imklog    root   12w      REG              252,3   4308360        804 /var/log/messages
---
> rsyslogd    44075   44076 in:imklog    root   12w      REG              252,3   4309780        804 /var/log/messages
7365c7366
< rsyslogd    44075   44076 in:imklog    root   14w      REG              252,3    614472        811 /var/log/qpsmtpd/qpsmtpd.log
---
> rsyslogd    44075   44076 in:imklog    root   14w      REG              252,3    614864        811 /var/log/qpsmtpd/qpsmtpd.log
7427c7428
< rsyslogd    44075   44077 in:imuxso    root   12w      REG              252,3   4308360        804 /var/log/messages
---
> rsyslogd    44075   44077 in:imuxso    root   12w      REG              252,3   4309780        804 /var/log/messages
7429c7430
< rsyslogd    44075   44077 in:imuxso    root   14w      REG              252,3    614472        811 /var/log/qpsmtpd/qpsmtpd.log
---
> rsyslogd    44075   44077 in:imuxso    root   14w      REG              252,3    614864        811 /var/log/qpsmtpd/qpsmtpd.log
7491c7492
< rsyslogd    44075   44078 in:imjour    root   12w      REG              252,3   4308360        804 /var/log/messages
---
> rsyslogd    44075   44078 in:imjour    root   12w      REG              252,3   4309780        804 /var/log/messages
7493c7494
< rsyslogd    44075   44078 in:imjour    root   14w      REG              252,3    614472        811 /var/log/qpsmtpd/qpsmtpd.log
---
> rsyslogd    44075   44078 in:imjour    root   14w      REG              252,3    614864        811 /var/log/qpsmtpd/qpsmtpd.log
7555c7556
< rsyslogd    44075   44079 imudp(w0)    root   12w      REG              252,3   4308360        804 /var/log/messages
---
> rsyslogd    44075   44079 imudp(w0)    root   12w      REG              252,3   4309780        804 /var/log/messages
7557c7558
< rsyslogd    44075   44079 imudp(w0)    root   14w      REG              252,3    614472        811 /var/log/qpsmtpd/qpsmtpd.log
---
> rsyslogd    44075   44079 imudp(w0)    root   14w      REG              252,3    614864        811 /var/log/qpsmtpd/qpsmtpd.log
7619c7620
< rsyslogd    44075   44080 rs:main      root   12w      REG              252,3   4308360        804 /var/log/messages
---
> rsyslogd    44075   44080 rs:main      root   12w      REG              252,3   4309780        804 /var/log/messages
7621c7622
< rsyslogd    44075   44080 rs:main      root   14w      REG              252,3    614472        811 /var/log/qpsmtpd/qpsmtpd.log
---
> rsyslogd    44075   44080 rs:main      root   14w      REG              252,3    614864        811 /var/log/qpsmtpd/qpsmtpd.log
10332,10380c10333,10430
---
> perl       290721                      root  cwd       DIR              252,0      4096          2 /
> perl       290721                      root  rtd       DIR              252,0      4096          2 /
> perl       290721                      root  txt       REG              252,0     12616      21728 /usr/bin/perl
> perl       290721                      root  mem       REG              252,3   6940392     263300 /var/lib/sss/mc/group
> perl       290721                      root  mem       REG              252,0     20216     274953 /usr/lib64/perl5/vendor_perl/auto/Sys/Syslog/Syslog.so
> perl       290721                      root  mem       REG              252,0    543304       4835 /usr/lib64/libpcre2-8.so.0.7.1
> perl       290721                      root  mem       REG              252,0    168000       2536 /usr/lib64/libselinux.so.1
> perl       290721                      root  mem       REG              252,0     33464       3263 /usr/lib64/libuuid.so.1.3.0
> perl       290721                      root  mem       REG              252,0    343624      15976 /usr/lib64/libblkid.so.1.1.0
> perl       290721                      root  mem       REG              252,0    103784       1333 /usr/lib64/libgcc_s-8-20210514.so.1
> perl       290721                      root  mem       REG              252,0    371408      16062 /usr/lib64/libmount.so.1.1.0
> perl       290721                      root  mem       REG              252,0     33752       3492 /usr/lib64/libcap.so.2.48
> perl       290721                      root  mem       REG              252,0    918952      16069 /usr/lib64/libnss_systemd.so.2
> perl       290721                      root  mem       REG              252,3   9253600     263299 /var/lib/sss/mc/passwd
> perl       290721                      root  mem       REG              252,0     46320      16909 /usr/lib64/libnss_sss.so.2
> perl       290721                      root  mem       REG              252,0     16048     272602 /usr/lib64/perl5/vendor_perl/auto/MIME/Base64/Base64.so
> perl       290721                      root  mem       REG              252,0     20224     277349 /usr/lib64/perl5/vendor_perl/auto/Digest/MD5/MD5.so
> perl       290721                      root  mem       REG              252,0    575072     273617 /usr/lib64/perl5/auto/re/re.so
> perl       290721                      root  mem       REG              252,0     20304     273601 /usr/lib64/perl5/vendor_perl/auto/Cwd/Cwd.so
> perl       290721                      root  mem       REG              252,0     42744       2602 /usr/lib64/librt-2.28.so
> perl       290721                      root  mem       REG              252,0     32424     274732 /usr/lib64/perl5/vendor_perl/auto/Time/HiRes/HiRes.so
> perl       290721                      root  mem       REG              252,0      7648     274320 /usr/lib64/perl5/auto/Sys/Hostname/Hostname.so
> perl       290721                      root  mem       REG              252,0    111216     272610 /usr/lib64/perl5/vendor_perl/auto/Storable/Storable.so
> perl       290721                      root  mem       REG              252,0     45808     273518 /usr/lib64/perl5/vendor_perl/auto/Encode/Encode.so
> perl       290721                      root  mem       REG              252,0     53240     273549 /usr/lib64/perl5/vendor_perl/auto/List/Util/Util.so
> perl       290721                      root  mem       REG              252,0     54352       2275 /usr/lib64/libnss_files-2.28.so
> perl       290721                      root  mem       REG              252,0     20184     273587 /usr/lib64/perl5/auto/IO/IO.so
> perl       290721                      root  mem       REG              252,0     50472     272631 /usr/lib64/perl5/vendor_perl/auto/Socket/Socket.so
> perl       290721                      root  mem       REG              252,0    111048     274306 /usr/lib64/perl5/auto/POSIX/POSIX.so
> perl       290721                      root  mem       REG              252,0     24120     274283 /usr/lib64/perl5/auto/Fcntl/Fcntl.so
> perl       290721                      root  mem       REG              252,0 217800224       2132 /usr/lib/locale/locale-archive
> perl       290721                      root  mem       REG              252,0   2089152       2263 /usr/lib64/libc-2.28.so
> perl       290721                      root  mem       REG              252,0     17024       3095 /usr/lib64/libutil-2.28.so
> perl       290721                      root  mem       REG              252,0    136032       3126 /usr/lib64/libcrypt.so.1.1.0
> perl       290721                      root  mem       REG              252,0   1598776       2529 /usr/lib64/libm-2.28.so
> perl       290721                      root  mem       REG              252,0     19584       2464 /usr/lib64/libdl-2.28.so
> perl       290721                      root  mem       REG              252,0     88824       2584 /usr/lib64/libresolv-2.28.so
> perl       290721                      root  mem       REG              252,0    150152       2562 /usr/lib64/libpthread-2.28.so
> perl       290721                      root  mem       REG              252,0   2181152      21377 /usr/lib64/libperl.so.5.26.3
> perl       290721                      root  mem       REG              252,0   1106304       2333 /usr/lib64/ld-2.28.so
> perl       290721                      root    0r      CHR                1,3       0t0         18 /dev/null
> perl       290721                      root    1w      CHR                1,3       0t0         18 /dev/null
> perl       290721                      root    2w      CHR                1,3       0t0         18 /dev/null
> perl       290721                      root    3r      REG              252,7     10804     274943 /opt/qpsmtpd/qpsmtpd-forkserver
> perl       290721                      root    4r      REG              252,3   9253600     263299 /var/lib/sss/mc/passwd
> perl       290721                      root    5u     unix 0xffff9ba6990a7600       0t0   32425460 type=STREAM
> perl       290721                      root    6u     IPv4           32425461       0t0        TCP localhost:ms-v-worlds (LISTEN)
> perl       290721                      root    8u     unix 0xffff9ba5a238b600       0t0   32424853 type=DGRAM
> perl       290721                      root    9r      REG              252,3   6940392     263300 /var/lib/sss/mc/group
wornet-aer commented 1 year ago

Unfortunately I haven't been able to reproduce your situation/error. Did you find any solution in the meanwhile?

msimerson commented 1 year ago

When running as a non-root user, you don't have access to Net/DNS/RR/OPT.pm. That's what Can't locate Net/DNS/RR/OPT.pm is telling you.