TrustedUser

Alternative to root administration V8.10 and later

Beginning with V8.10, sendmail has two different types of trusted users. There are the traditional trusted users defined by the T configuration command (and the class $=t), who can set the sender address using the -f command-line switch (-f on page 241) without generating warnings, and run newaliases.

A separate TrustedUser option sets the identity of the user who can administer sendmail. If it is set, this user will own database-map files (such as aliases) and the control socket (ControlSocketName on page 990).

The TrustedUser option is set like this:

O TrustedUser=userconfiguration file (V8.10 and later)
-OTrustedUser=usercommand line (V8.10 and later)
define(`confTRUSTED_USER',`user')      ← mc configuration (V8.10 and later)

The user is either a user login name (in which case it will be looked up with the appropriate passwd technique), or an integer (in which case it will be used as is as the uid for this user). If the user is an unknown or is omitted, an error will result:

readcf: option TrustedUser: unknown user bad name

There is no default for this option, and the mc configuration technique leaves it undefined by default. See The TrustedUser option (V8.10 and above) on page 176 for a more complete discussion of this option.

The TrustedUser option is not safe. If it is specified from the command line, it can cause sendmail to relinquish its special privileges.

Get sendmail, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.