Date: Wed, 23 Jan 2002 15:18:16 +0200
From: Valentin Nechayev <netch@lucky.net>
To: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
Cc: arch@FreeBSD.ORG, stable@FreeBSD.ORG, anders@fix.no
Subject: Re: New sendmail users (was Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned)
Message-ID: <20020123131816.GA43706@lucky.net>
In-Reply-To: <15311.1383.814782.672622@horsey.gshapiro.net>
References: <29611.1003411145@axl.seasidesoftware.co.za> <xzpofn5dqqk.fsf@flood.ping.uio.no> <15311.1383.814782.672622@horsey.gshapiro.net>
Thu, Oct 18, 2001 at 09:37:59, gshapiro wrote about "New sendmail users (was Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned)":

> Index: master.passwd > =================================================================== > RCS file: /src/FreeBSD/cvsrepo/src/etc/master.passwd,v > retrieving revision 1.25 > diff -u -r1.25 master.passwd > --- master.passwd 1999/09/13 17:09:07 1.25 > +++ master.passwd 2001/10/18 16:31:44 > @@ -10,6 +10,8 @@ > games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin > news:*:8:8::0:0:News Subsystem:/:/sbin/nologin > man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin > +smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin > +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin

This breaks majordomo from the current port. For a secure install, the majordomo wrapper is allowed to be run only for the majordomo user and group, and the port installer adds user=daemon to this group. Today I had to diagnose a host which was updated to 4.5-rc2; the addition of the mailnull user broke it because sendmail prefers mailnull to daemon when running pipes from root-owned aliases and forwards. The port's maintainer is already notified, but a new port revision can't help for already installed ones.

Another place where this will break some things (and I know it will really happen for a bunch of my controlled hosts) is direction to files from root-owned aliases/forwards/includes. Now some of these files are owned by daemon, and explicit action is required to update their owner.

I suppose that the addition of the mailnull user and group should be explicitly mentioned in src/UPDATING, with advice for both mentioned cases (majordomo & files).

/netch

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
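Review bot: the two added lines (smmsp and mailnull) carry seven colon-separated fields, while the unchanged context lines in the same hunk (games, news, man) carry ten, with the class, change and expire fields written as `::0:0` between the gid and the description. As posted, the description lands in the class field and the home directory and shell in the change and expire fields. Suggest `smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin` and the same `::0:0` insertion for mailnull so both entries match the rest of the file.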
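An added example, not part of the original message and not code from sendmail or the majordomo port: a Python audit that reads an aliases file and lists the two kinds of target the reply says are affected, program pipes (whose wrapper may only accept the old user) and delivery files still owned by daemon. It assumes aliases(5) syntax; the function names, the sample aliases and every path in it are constructed for illustration.

```python
import os
import pwd
import re

# Constructed sample in aliases(5) syntax; names and paths are made up.
SAMPLE_ALIASES = '''\
root: admin
majordomo: "|/usr/local/majordomo/wrapper majordomo"
archive: /var/mail/archive/list.mbox,
    ops
testlist: :include:/usr/local/majordomo/lists/testlist
'''

def alias_targets(text):
    """Yield (alias, kind, path) for pipe, file and :include: targets."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()  # continuation line
        else:
            entries.append(line.strip())
    for entry in entries:
        name, _, rhs = entry.partition(":")
        # Split on commas while keeping double-quoted targets whole.
        for raw in re.findall(r'(?:"[^"]*"|[^,"])+', rhs):
            t = raw.strip().strip('"')
            if t.startswith("|") and t[1:].split():
                yield name.strip(), "pipe", t[1:].split()[0]
            elif t.startswith(":include:"):
                yield name.strip(), "include", t[len(":include:"):].strip()
            elif t.startswith("/"):
                yield name.strip(), "file", t

def owner_of(path):
    """Owner name of path, or None if it is missing or the uid is unknown."""
    try:
        return pwd.getpwuid(os.stat(path).st_uid).pw_name
    except (OSError, KeyError):
        return None

def needs_review(text, old_user="daemon", owner=owner_of):
    """Every pipe target, plus file targets still owned by old_user."""
    return [(a, k, p) for a, k, p in alias_targets(text)
            if k == "pipe" or (k == "file" and owner(p) == old_user)]

if __name__ == "__main__":
    for alias, kind, path in needs_review(SAMPLE_ALIASES):
        print(f"{alias}: {kind} {path}")
```

The contents of `:include:` files and users' `.forward` files are not followed here; they use the same target syntax and can be passed to `alias_targets` separately.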