DontInitGroups

Don’t use initgroups(3) (V8.7 and later)

Just before executing any delivery agent (including the *include* delivery agent) and just before opening a ~/.forward file, sendmail sets its group and user identities as appropriate. To illustrate, consider the U= equate (U= on page 755). If the fax delivery agent has the U= equate set like this:

U=fax:fax

its A= program will be executed by the user fax who is in the group fax. In addition, sendmail calls the initgroups(3) system call to expand the list of groups to which the user belongs. In the case of fax, it might also belong to the groups faxadm and faxusers. The total result is that fax can execute, read, and write any files that have the appropriate group permissions set for any of the groups fax, faxadm, and faxusers.

This versatility, however, has a price. As group files get huge or as nis, nisplus, or hesiod services become slow (probably because they are also large), the initgroups(3) call can start to adversely affect sendmail’s performance.

When performance is a concern, the DontInitGroups option can be used to disable initgroups(3):

O DontInitGroups=bool    ← configuration file (V8.7 and later)
-ODontInitGroups=bool    ← command line (V8.7 and later)
define(`confDONT_INIT_GROUPS',bool)    ← mc configuration (V8.7 and later)

The argument bool is of type Boolean. If it is missing, the default value is true—don’t call initgroups(3). If the entire option is missing, the default value is false—do call initgroups(3). See NO_GROUP_SET ...
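Before setting the option, it helps to see which groups a delivery agent's U= user would stop receiving. The following is an added example, not code from the book or from sendmail: it uses getgrouplist(3) to compute, without root, the list that initgroups(3) would install, and compares it with the primary group alone. It assumes that with DontInitGroups set the agent keeps only its primary group; agent_groups, MAX_GROUPS and the default user fax are illustrative names.

```c
/* Added example: group set of a delivery agent's U= user with and without
 * initgroups(3). Assumption: with DontInitGroups set, only the primary
 * group remains. */
#include <stdio.h>
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>

/* Declared explicitly in case a strict -std= mode hides it in <grp.h>. */
int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);

#define MAX_GROUPS 256

/* Fill out[] with the groups the agent would run with. Returns the count,
 * or -1 if max is too small to hold the list. */
int agent_groups(const char *user, gid_t primary, int dont_init_groups,
                 gid_t *out, int max)
{
    if (max < 1)
        return -1;
    if (dont_init_groups) {          /* no group database lookup at all */
        out[0] = primary;
        return 1;
    }
    int n = max;                     /* the list initgroups(3) would install */
    if (getgrouplist(user, primary, out, &n) == -1)
        return -1;
    return n;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "fax";  /* the page's example user */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", user);
        return 1;
    }
    for (int dont = 0; dont <= 1; dont++) {
        gid_t g[MAX_GROUPS];
        int n = agent_groups(user, pw->pw_gid, dont, g, MAX_GROUPS);
        printf("DontInitGroups=%s:", dont ? "true" : "false");
        for (int i = 0; i < n; i++) {
            struct group *gr = getgrgid(g[i]);
            printf(" %s", gr ? gr->gr_name : "?");
        }
        printf("\n");
    }
    return 0;
}
```

Any group that appears only on the DontInitGroups=false line is one whose group permissions the agent would no longer have with the option set.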
