Message-ID: <15311.1383.814782.672622@horsey.gshapiro.net>
Date: Thu, 18 Oct 2001 09:37:59 -0700
From: Gregory Neil Shapiro
To: arch@FreeBSD.ORG
Subject: New sendmail users (was Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned)
References: <29611.1003411145@axl.seasidesoftware.co.za>

des> It should set up and use its own UID, just like QMail and Postfix set
des> up and use their own UIDs. Ideally, there would be a user in our
des> standard master.passwd named "smtp" or "mail", with UID 25 (and of
des> course a corresponding group).

Since it's come up, now is the opportune time for me to float this patch that I would like to commit in preparation for the sendmail 8.12 import. sendmail 8.12 no longer requires a set-user-ID root binary but will require a couple of users. I'd like to commit this soon so it filters into password files before 8.12 is imported.

Some snippets from sendmail's various docs explaining the users:

sendmail must be a set-group-ID (default group: smmsp, recommended gid: 25) program to allow for queueing mail in a group-writable directory. The following permissions should be used:

    -r-xr-sr-x  root   smmsp  ...  /PATH/TO/sendmail
    drwxrwx---  smmsp  smmsp  ...  /var/spool/clientmqueue
    drwx------  root   wheel  ...  /var/spool/mqueue

You can start this program as root, it will change its user id to RunAsUser (smmsp by default, recommended uid: 25). This way smmsp does not need a valid shell.

RunAsUser: FEATURE(`msp') sets the option RunAsUser to smmsp. This user must have the group smmsp, i.e., the same group as the clientmqueue directory.

--

The default value for DefaultUser is now set to the uid and gid of the first existing user mailnull, sendmail, or daemon that has a non-zero uid. If none of these exist, sendmail reverts back to the old behavior of using uid 1 and gid 1.

(Note currently FreeBSD uses daemon for DefaultUser but I would prefer not to use an account used by other programs, hence the addition of mailnull.) Index: group =================================================================== RCS file: /src/FreeBSD/cvsrepo/src/etc/group,v retrieving revision 1.19 diff -u -r1.19 group --- group 1999/08/27 23:23:41 1.19 +++ group 2001/10/18 16:31:43 @@ -12,6 +12,8 @@ man:*:9: games:*:13: staff:*:20:root +smmsp:*:25: +mailnull:*:26: guest:*:31:root bind:*:53: uucp:*:66: Index: master.passwd =================================================================== RCS file: /src/FreeBSD/cvsrepo/src/etc/master.passwd,v retrieving revision 1.25 diff -u -r1.25 master.passwd --- master.passwd 1999/09/13 17:09:07 1.25 +++ master.passwd 2001/10/18 16:31:44 @@ -10,6 +10,8 @@ games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin +smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
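
Review bot: In the master.passwd hunk, the two added entries carry seven colon-separated fields while every context line carries ten: the class, change and expire fields ("::0:0" after the gid in the man, bind and uucp lines) are missing, so the gecos, home directory and shell values would be read from the wrong columns. Suggest "smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin" and the same three fields for mailnull. Separately, mailnull's home is /var/spool/mqueue, which the quoted sendmail permissions list as drwx------ root wheel, so the account cannot enter its own home directory; that is harmless for a /sbin/nologin identity, but it is worth confirming that it is intended.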
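
Added example, not part of the original message and not sendmail's own code: a Python check of the ownership and mode layout given in the documentation quoted in the message, which also flags a leftover set-user-ID bit. The role names, the function names and the paths handed to audit() are assumptions; the modes, owners and groups are the ones listed in the message.

```python
import grp
import os
import pwd
import stat

# Layout from the sendmail documentation quoted in the message:
# role -> (is_dir, permission bits, owner, group)
POLICY = {
    "sendmail": (False, 0o2555, "root", "smmsp"),      # -r-xr-sr-x
    "clientmqueue": (True, 0o770, "smmsp", "smmsp"),   # drwxrwx---
    "mqueue": (True, 0o700, "root", "wheel"),          # drwx------
}

def check(role, st_mode, owner, group):
    """Compare one object's observed metadata with POLICY; return findings."""
    want_dir, want_mode, want_owner, want_group = POLICY[role]
    findings = []
    if stat.S_ISDIR(st_mode) != want_dir:
        findings.append(f"{role}: wrong file type")
    if st_mode & stat.S_ISUID:
        findings.append(f"{role}: set-user-ID bit is set")
    mode = stat.S_IMODE(st_mode)  # permission bits plus setuid/setgid/sticky
    if mode != want_mode:
        findings.append(f"{role}: mode {mode:04o}, expected {want_mode:04o}")
    if (owner, group) != (want_owner, want_group):
        findings.append(
            f"{role}: owned by {owner}:{group}, expected {want_owner}:{want_group}")
    return findings

def name_of(lookup, ident):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def audit(paths):
    """paths maps each POLICY role to its location on this host (assumed input)."""
    findings = []
    for role, path in paths.items():
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append(f"{role}: {path}: {exc.strerror}")
            continue
        findings += check(role, st.st_mode,
                          name_of(pwd.getpwuid, st.st_uid),
                          name_of(grp.getgrgid, st.st_gid))
    return findings
```

An empty list from audit() means the binary and both queue directories match the quoted layout.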