DefaultUser
Default delivery agent identity All versions
The sendmail program can be run as a set-user-id root process (that is, with the permissions of root, regardless of who runs it, the default prior to V8.12). It can also be run as an ordinary process by an ordinary (nonprivileged) user (that is, with root privilege only if it is run by root). When sendmail is run so that it has root privilege, it must give up that privilege under certain circumstances to remain secure.[374]
When it can’t set its identity to that of a real user,
or when it should not (as when writing to files or
running programs specified in the
aliases file),
sendmail sets its
gid to that specified by the
g option and
its uid to that specified by
the u option. For
V8.7 and later, the DefaultUser option sets both the user
and group identities.[375]
When sendmail is running with
root privilege and when the
F=S delivery
agent flag (F=S on page
780) is not specified,
sendmail changes its owner
and group identity to that of an ordinary user in
the following circumstances:
If the mail message is forwarded because of a user’s ~/.forward file, and if delivery is via a delivery agent that has the
F=oflag set (F=o on page 777), sendmail changes its owner and group identity to that of the user whose ~/.forward file was read.Otherwise, if the mail message is being delivered through an aliases(5) file’s
:include:mailing list expansion, and if delivery is via a delivery agent that has theF=oflag set (F=o on page 777) or ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
