Add smmsp to /etc/group
When sendmail is run as non-set-user-id root, it is run either as root when it is invoked by the root user (in which case it can read all files), or as another user when it should not run as root. To enable the sendmail program to read and write its queue when it is not root, it needs to always run as a predefined group. It does this by having its set-group-id permission set, and by running under an appropriate group. The sendmail distribution clearly cannot divine ahead of time what group you wish to use when not running sendmail as set-group-id. It could have chosen nogroup, for example, but the user nogroup does not exist under all versions of Unix.
You can choose your own group by using the confGBINGRP build macro (confGBIN... on page 76) to place a line such as the following into your build m4 file. But don’t choose a group that is shared by any other user. For security reasons, the group you choose should be used only by sendmail:
define(`confGBINGRP', `nullgroup')
If you change the group, you will also have to build and install your own submit.cf file, and include in the mc file, for that creation, a definition for that new group with the RunAsUser option (The RunAsUser option (V8.8 and above) on page 176), like this:
FEATURE(`msp')
define(`confRUN_AS_USER', `:nullgroup')
Note that the same option sets both the user and the group. A combined declaration might look like this:
FEATURE(`msp')
define(`confRUN_AS_USER', `nullmail:nullgroup')
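The requirement that the chosen group be used only by sendmail can be checked against the group and passwd files before installing. The shell function below is an added example, not code from the book or the sendmail distribution; the function name, its arguments, and the sample entries in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the group chosen for confGBINGRP is used by
# nothing except sendmail.
# usage: check_msp_group GROUP [GROUP_FILE] [PASSWD_FILE] [RUNAS_USER]
#   RUNAS_USER (assumption): the account named in confRUN_AS_USER, which
#   may legitimately hold GROUP as its primary group.
# returns 0 = unshared, 1 = shared (names on stdout), 2 = group missing
check_msp_group() {
    grp=$1
    gfile=${2:-/etc/group}
    pfile=${3:-/etc/passwd}
    allowed=${4:-}

    entry=$(awk -F: -v g="$grp" '$1 == g { print; exit }' "$gfile")
    if [ -z "$entry" ]; then
        echo "group $grp not found in $gfile" >&2
        return 2
    fi
    gid=$(printf '%s\n' "$entry" | cut -d: -f3)

    # Supplementary members (field 4 of the group entry) plus every
    # account whose primary GID (field 4 of passwd) is this group.
    shared=$(
        {
            printf '%s\n' "$entry" | cut -d: -f4 | tr ',' '\n'
            awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$pfile"
        } | awk -v ok="$allowed" 'NF && $0 != ok' | sort -u
    )
    if [ -n "$shared" ]; then
        echo "group $grp (gid $gid) is shared with:" >&2
        printf '%s\n' "$shared"
        return 1
    fi
    return 0
}

# Constructed sample data; run this file with --demo to try it.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf 'nullgroup:x:990:\nstaff:x:50:alice\n' > "$d/group"
    printf 'nullmail:x:990:990::/var/spool/clientmqueue:/sbin/nologin\n' > "$d/passwd"
    check_msp_group nullgroup "$d/group" "$d/passwd" nullmail && echo "nullgroup: ok"
    rm -rf "$d"
fi
```

Called with only the group name, the function reads the system's /etc/group and /etc/passwd; it does not consult NIS, LDAP, or other name services.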
If you don’t change ...