Name
SafeFileEnvironment
Synopsis
For security it is desirable to control the manner and circumstances
under which messages are delivered to files. Beginning with V8.7
sendmail you can enhance the security of writing
to files with the SafeFileEnvironment
option. It
is used like this:
O SafeFileEnvironment=path ← configuration file (V8.7 and later) -OSafeFileEnvironment=path ← command line (V8.7 and later) define(`confSAFE_FILE_ENV',path)← mc configuration (V8.7 and later)
The path
is of type
string and, if present, must be the full
pathname of a directory. The default, if either
path
or the entire option is missing, is
NULL, causing this feature to be ignored.
When preparing to save a message to a file, sendmail first obtains the permissions of that file, if the file exists, and saves them (Section 12.2.2). The sendmail program uses lstat(2) to obtain those permissions if it was compiled with HASLSTAT defined (HAS...). Otherwise, it uses stat(2).
If the path
for this option is non-NULL
and nonempty, sendmail then precedes that
chroot(2) with a:
chroot(path)
If the chroot(2) fails, sendmail prints the following error and bounces the mail message:
mailfile: Cannot chroot(path)
If the name of the file begins with path
,
that prefix is stripped after the chroot(2) and
before the fopen(3).
For example, consider the need to safely store all mail archive files on the mail hub in a directory called /archives. You would first create this configuration declaration:
O SafeFileEnvironment=/archives ...
Get Sendmail, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.