fuhrman@b.coe.wvu.wvnet.edu (Cris Fuhrman) (12/21/88)
Hello, I'm the sys mgr for some Sun 3/60 / 3/50's. We're running 3.5 of Sun OS with 2 server machines (each w/ 2 scsi disks + tapes). Each machine has 4 clients running off of it. One server functions as a yp server to all 9 of the other machines. Effectively, a user on ONE of the 10 is a user on ALL of the 10.

Right now, if I send mail to a user, he will only be able to read that mail if he's on the same machine that I was on when I sent him the mail. How do I set up the mail so that any user can get any mail from any sun?

I tried setting the aliases file to alias all users at the yp server, so that all mail gets stored on that machine. All the machines share the /usr partition from the yp server machine, so I figured that all the mail checks would be in the same place. The only problem is that when each mail file gets stored in the /usr/spool/mail directory, its owner is "nobody", and therefore mail doesn't think that you have any mail, and even if it did, one can't read "nobody"'s mail if you are a "somebody".

Anyway, I'm certain that there are other ppl out there with this same set-up. I'm also certain that I'm not the first to ask this question. If someone could please point me to an old response, I'd sure appreciate it. I'm still new to unix, but I'm coming around.

-Cris Fuhrman manager@a.coe.wvu.wvnet.edu (129.71.12.1)
lrj@helios.tn.cornell.edu (12/30/88)
Okay, i dealt with this problem a couple years ago, and haven't really touched sendmail.cf since, but here goes...

One of the things about an NFS network is that you cannot (without twiddling a bit and creating a gaping security hole) act as root on an NFS partition. The userid gets translated to "nobody" on the remote machine. Mail is usually delivered by root, thus the problems you described. The interesting thing, however, is that normal users have full access. Due to this, users (with the exception of root) can read/delete mail on an NFS partition without problems*. However, mail can be delivered quite safely by the mail agent IF the partition is a local one. The only way to guarantee no problems with the mail agent delivering the mail is to guarantee that all machines but the server forward the mail TO the server.

You mentioned the use of aliases to try to get all the mail sent to the server. In THEORY this ought to work, but i found that in practice it was rather difficult, and the headaches don't go away (eg having to change /usr/lib/aliases on 10 machines every time you add a new user).

A much simpler thing is to change a part of /usr/lib/sendmail.cf to do the work for you. At various points (three by my last count) sendmail will call $#local to deliver the mail and be done with it. What i did is to change this to be $#tcp$@$A, causing sendmail to NOT deliver it locally, but to forward to the server (by defining $A to be the server address).

Simply go through your sendmail.cf (after making a backup copy!) and change instances of $#local to be $#tcp$@$A. ONLY DO THIS ON THE CLIENTS!!! DO NOT CHANGE THE SERVER'S SENDMAIL.CF!! Additionally, place these lines near the top of the file:

    # local mail server -- lrj
    DAservers.full.domain.name

This ought to work for you. You may also want to define the hostname in your clients' sendmail.cf to be the name of the server, so it looks like ALL mail originating from your network is coming from the server. By doing this, mail coming back to your systems will tend to be addressed to the server, and you cut down on the instances of mail coming to a client only to go to the server.

One more thing; you mentioned that /usr is shared? Make sure that /usr/spool/mqueue (and of course everything but mail) is NOT shared or you can run into some very odd problems. The best way to do this is to move /usr/spool/mail to /usr/spool2/mail, and have a symbolic link on each machine in /usr/spool. The reason is that usually /usr/spool is really /private/usr/spool...

Of course, what has worked for my machines may or may not work for all cases, and i'm offering the above as an example of what i've done to solve the problem. if you do it and get nailed, it's not my responsibility.

-- Lewis R. Jansen, LASSP Systems Grunt lrj@helios.tn.cornell.edu
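
The client-side edit described in the reply above (back up sendmail.cf, define macro A as the mail server, change every $#local to $#tcp$@$A), as an added shell example that is not part of the original thread. The function name patch_client_cf and the .orig/.new file suffixes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Run on CLIENTS only, never on the server.
# patch_client_cf is a hypothetical helper name.

# patch_client_cf CF_FILE SERVER_FQDN
# Rewrites CF_FILE in place and keeps the untouched original in CF_FILE.orig.
# Returns 0 on success, 1 on bad arguments or I/O failure,
# 2 if macro A is already defined, 3 if there is no $#local to redirect.
patch_client_cf() {
    cf=$1
    server=$2
    [ -f "$cf" ] || { echo "no such file: $cf" >&2; return 1; }
    [ -n "$server" ] || { echo "server name required" >&2; return 1; }

    # Do not patch twice and do not clobber an existing definition of $A.
    if grep -q '^DA' "$cf"; then
        echo "$cf already defines macro A; leaving it alone" >&2
        return 2
    fi
    # A file with no local delivery left is probably already forwarding.
    if ! grep -qF '$#local' "$cf"; then
        echo "$cf contains no \$#local; nothing to change" >&2
        return 3
    fi

    # Backup first, preserving owner, mode and timestamps where possible.
    cp -p "$cf" "$cf.orig" || return 1

    # Build the new file beside the old one, then rename it into place so
    # sendmail never reads a half-written configuration.
    {
        printf '# local mail server\n'
        printf 'DA%s\n' "$server"
        # \$ matches a literal dollar sign; the replacement text is literal.
        sed 's/\$#local/$#tcp$@$A/g' "$cf.orig"
    } > "$cf.new" || return 1
    mv "$cf.new" "$cf"
}

# Usage: sh patch_cf.sh /usr/lib/sendmail.cf servers.full.domain.name
if [ "$#" -eq 2 ]; then
    patch_client_cf "$1" "$2"
fi
```

Compare the result against the .orig copy with diff before restarting sendmail on the client.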