Date: Thu, 18 Oct 2001 09:37:59 -0700
From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
To: arch@FreeBSD.ORG
Subject: New sendmail users (was Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned)
Message-ID: <15311.1383.814782.672622@horsey.gshapiro.net>
In-Reply-To: <xzpofn5dqqk.fsf@flood.ping.uio.no>
References: <29611.1003411145@axl.seasidesoftware.co.za> <xzpofn5dqqk.fsf@flood.ping.uio.no>

des> It should set up and use its own UID, just like QMail and Postfix set
des> up and use their own UIDs. Ideally, there would be a user in our
des> standard master.passwd named "smtp" or "mail", with UID 25 (and of
des> course a corresponding group).

Since it's come up, now is the opportune time for me to float this patch that I would like to commit in preparation for the sendmail 8.12 import. sendmail 8.12 no longer requires a set-user-ID root binary but will require a couple of users. I'd like to commit this soon so it filters into password files before 8.12 is imported.

Some snippets from sendmail's various docs explaining the users:

sendmail must be a set-group-ID (default group: smmsp, recommended gid: 25) program to allow for queueing mail in a group-writable directory.

The following permissions should be used:

    -r-xr-sr-x  root   smmsp  ... /PATH/TO/sendmail
    drwxrwx---  smmsp  smmsp  ... /var/spool/clientmqueue
    drwx------  root   wheel  ... /var/spool/mqueue

You can start this program as root, it will change its user id to RunAsUser (smmsp by default, recommended uid: 25). This way smmsp does not need a valid shell.

RunAsUser: FEATURE(`msp') sets the option RunAsUser to smmsp. This user must have the group smmsp, i.e., the same group as the clientmqueue directory.

--

The default value for DefaultUser is now set to the uid and gid of the first existing user mailnull, sendmail, or daemon that has a non-zero uid. If none of these exist, sendmail reverts back to the old behavior of using uid 1 and gid 1.

(Note currently FreeBSD uses daemon for DefaultUser but I would prefer not to use an account used by other programs, hence the addition of mailnull.)

Index: group =================================================================== RCS file: /src/FreeBSD/cvsrepo/src/etc/group,v retrieving revision 1.19 diff -u -r1.19 group --- group 1999/08/27 23:23:41 1.19 +++ group 2001/10/18 16:31:43 
@@ -12,6 +12,8 @@ man:*:9: games:*:13: staff:*:20:root +smmsp:*:25: +mailnull:*:26: guest:*:31:root bind:*:53: uucp:*:66: Index: master.passwd =================================================================== RCS file: /src/FreeBSD/cvsrepo/src/etc/master.passwd,v retrieving revision 1.25 diff -u -r1.25 master.passwd --- master.passwd 1999/09/13 17:09:07 1.25 +++ master.passwd 2001/10/18 16:31:44 @@ -10,6 +10,8 @@ games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin +smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
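
Review bot: In the master.passwd hunk the two added entries, smmsp and mailnull, have seven colon-separated fields, while every context line in the same hunk has ten: the class, change and expire fields (the `::0:0:` seen in the games, news, man and bind lines) are missing between the gid and the description. As written the lines are in passwd(5) layout rather than master.passwd layout, so the description would land in the class field; suggest `smmsp:*:25:25::0:0:Sendmail Submission User:...` and the same for mailnull. A smaller point on the mailnull line: its home directory is /var/spool/mqueue, which the permissions quoted earlier in the message list as drwx------ root wheel, so the account cannot enter its own home. With /sbin/nologin that is harmless, but it is worth stating as intentional.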
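
The ownership and mode table quoted from the sendmail docs in the message above, expressed as a check. This is an added example, not part of the original message or of sendmail; the role key "sendmail" (standing for /PATH/TO/sendmail) and the sample entries are constructed for illustration.

```python
import grp
import os
import pwd
import stat

# Expected layout from the quoted sendmail 8.12 notes:
# role -> (file type, permission bits including set-id bits, owner, group)
EXPECTED = {
    "sendmail": (stat.S_IFREG, 0o2555, "root", "smmsp"),
    "/var/spool/clientmqueue": (stat.S_IFDIR, 0o770, "smmsp", "smmsp"),
    "/var/spool/mqueue": (stat.S_IFDIR, 0o700, "root", "wheel"),
}


def check(role, mode, owner, group):
    """Return a list of findings for one object; an empty list means it matches."""
    ftype, perms, want_owner, want_group = EXPECTED[role]
    findings = []
    if stat.S_IFMT(mode) != ftype:
        findings.append(f"{role}: wrong file type")
    got = stat.S_IMODE(mode)
    if got & stat.S_ISUID:
        findings.append(f"{role}: set-user-ID bit is set")
    if got != perms:
        findings.append(f"{role}: mode {got:04o}, expected {perms:04o}")
    if (owner, group) != (want_owner, want_group):
        findings.append(f"{role}: owner {owner}:{group}, expected {want_owner}:{want_group}")
    return findings


def check_path(role, path):
    """Stat a real path, resolve uid/gid to names, and run the same check."""
    st = os.lstat(path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    group = grp.getgrgid(st.st_gid).gr_name
    return check(role, st.st_mode, owner, group)


# Constructed sample: a set-user-ID root binary and a world-readable client queue.
SAMPLE = [
    ("sendmail", stat.S_IFREG | 0o4555, "root", "wheel"),
    ("/var/spool/clientmqueue", stat.S_IFDIR | 0o775, "smmsp", "smmsp"),
    ("/var/spool/mqueue", stat.S_IFDIR | 0o700, "root", "wheel"),
]

if __name__ == "__main__":
    for role, mode, owner, group in SAMPLE:
        for finding in check(role, mode, owner, group) or [f"{role}: ok"]:
            print(finding)
```

On a live system, call `check_path("sendmail", <path to the installed binary>)` and the two queue directories by their own paths.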