F=S
F=SAssume specified user-id and group-id V8.9 and later
There are three major ways in which
sendmail can be run:[298] as a set-user-id
root process (that is, with the
permissions of root regardless
of who runs it), as a root
process because it was run by
root, or as an ordinary
process run by an ordinary (nonprivileged) user.
When sendmail is running with
root privilege and when the
F=S
delivery
agent flag is specified for a delivery agent,
sendmail always invokes that
delivery agent as the effective user and effective
group specified by the U=
delivery agent equate.[299] If the U=
delivery agent equate is unspecified
or is specified as zero, it runs as the effective
user root. In both instances,
the real user and real group IDs remain those of the
recipient.
If the F=S
flag is
omitted from the delivery agent, the following
scenarios occur:
If delivery is to a file, and if the set-user-id bit is set in the file’s permission bits, and if the execute-bit is not set, sendmail sets its user and group identities to those of the owner and group of the file.
Otherwise, if the set-user-id bit is not set, or if delivery is not to a file, and if there is a controlling user (C line on page 447) for the address, sendmail sets its identity to that of the controlling user for delivery.
Otherwise, if the user or group part of the
U=
delivery agent equate was missing or was 0, sendmail assumes the identity of theDefaultUser
option (DefaultUser on page 1000).Otherwise, sendmail assumes the identity ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.