Date: Wed, 23 Jan 2002 08:53:11 -0800 From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG> To: netch@lucky.net Cc: arch@FreeBSD.ORG, stable@FreeBSD.ORG, anders@fix.no, imp@FreeBSD.ORG Subject: Re: New sendmail users (was Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned) Message-ID: <15438.60023.705225.44960@horsey.gshapiro.net> In-Reply-To: <20020123131816.GA43706@lucky.net> References: <29611.1003411145@axl.seasidesoftware.co.za> <xzpofn5dqqk.fsf@flood.ping.uio.no> <15311.1383.814782.672622@horsey.gshapiro.net> <20020123131816.GA43706@lucky.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>> +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin netch> This breaks majordomo from current port. For secure install, netch> majordomo wrapper is allowed to be run only for majordomo user and netch> group, and port installer adds user=daemon to this group. Today I netch> had to diagnose a host which was updated to 4.5-rc2; addition of netch> mailnull user broke it because sendmail prefers mailnull to daemon netch> when running pipes from root-owned aliases and forwards. netch> The port's maintainer is already notified, but new port revision netch> can't help for already installed ones. netch> Another place where this will break some things (and I know it will netch> really happen for a bunch of my controlled hosts) are direction to netch> files from root-owned aliases/forwards/includes. Now some of these netch> files are owned by daemon, and explicit action is required to update netch> their owner. netch> I suppose that adding of mailnull user and group should be explicitly netch> mentioned in src/UPDATING, with advices for both mentioned cases netch> (majordomo & files). (Note I've quoted the entire message and CC'ed Warner in case he does want to add something to UPDATING on both the HEAD and RELENG_4.) If you still want sendmail to use daemon for the default user, simply add this to your .mc file: define(`confDEF_USER_ID', `daemon') However, migrating to mailnull will increase system security. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15438.60023.705225.44960>