SafeFileEnvironment
Directory for safe file writes V8.7 and later
For security, it is desirable to control the manner
and circumstances under which messages are delivered
to files. Beginning with V8.7
sendmail, you can enhance the
security of writing to files with the SafeFileEnvironment
option. It is used like this:
O SafeFileEnvironment=path ← configuration file (V8.7 and later) -OSafeFileEnvironment=path ← command line (V8.7 and later) define(`confSAFE_FILE_ENV',path) ← mc configuration (V8.7 and later)
The path is of type
string and, if present, must
be the full pathname of a directory. The default, if
either path or the entire
option is missing, is NULL, causing this feature to
be ignored.
When preparing to save a message to a file, sendmail first obtains the permissions of that file, if the file exists, and saves them (Delivery to Files on page 466). The sendmail program uses lstat(2) to obtain those permissions if it was compiled with HASLSTAT defined (HAS... on page 114). Otherwise, it uses stat(2).
If the path for this option
is non-NULL and nonempty,
sendmail then precedes that
chroot(2) with a:
chroot(path)If the chroot(2) fails, sendmail prints the following error and bounces the mail message:
mailfile: Cannot chroot(path)If the name of the file begins with
path, that prefix is
stripped after the chroot(2)
and before the fopen(3).
For example, consider the need to safely store all mail archive files on the mail hub in a directory called /archives. You would first create this ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
