From owner-freebsd-stable Wed Jan 23 5:18:34 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from burka.carrier.kiev.ua (burka.carrier.kiev.ua [193.193.193.107])
	by hub.freebsd.org (Postfix) with ESMTP id AE60637B400;
	Wed, 23 Jan 2002 05:18:22 -0800 (PST)
Received: from netch@localhost (netch@localhost)
	by burka.carrier.kiev.ua id PHA46547;
	Wed, 23 Jan 2002 15:18:16 +0200 (EET) (envelope-from netch)
Date: Wed, 23 Jan 2002 15:18:16 +0200
From: Valentin Nechayev
To: Gregory Neil Shapiro
Cc: arch@FreeBSD.ORG, stable@FreeBSD.ORG, anders@fix.no
Subject: Re: New sendmail users (was Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned)
Message-ID: <20020123131816.GA43706@lucky.net>
Reply-To: netch@lucky.net
References: <29611.1003411145@axl.seasidesoftware.co.za> <15311.1383.814782.672622@horsey.gshapiro.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <15311.1383.814782.672622@horsey.gshapiro.net>
X-42: On
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Thu, Oct 18, 2001 at 09:37:59, gshapiro wrote about "New sendmail users (was Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned)":

> Index: master.passwd
> ===================================================================
> RCS file: /src/FreeBSD/cvsrepo/src/etc/master.passwd,v
> retrieving revision 1.25
> diff -u -r1.25 master.passwd
> --- master.passwd 1999/09/13 17:09:07 1.25
> +++ master.passwd 2001/10/18 16:31:44
> @@ -10,6 +10,8 @@
> games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
> news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
> man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
> +smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
> +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin

This breaks majordomo from the current port. For a secure install, the majordomo wrapper is allowed to be run only for the majordomo user and group, and the port installer adds user=daemon to this group. Today I had to diagnose a host which was updated to 4.5-rc2; the addition of the mailnull user broke it because sendmail prefers mailnull to daemon when running pipes from root-owned aliases and forwards. The port's maintainer is already notified, but a new port revision can't help for already installed ones.

Another place where this will break some things (and I know it will really happen for a bunch of my controlled hosts) is direction to files from root-owned aliases/forwards/includes. Now some of these files are owned by daemon, and explicit action is required to update their owner.

I suppose that the addition of the mailnull user and group should be explicitly mentioned in src/UPDATING, with advice for both mentioned cases (majordomo & files).

/netch
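Review bot: the two added entries (smmsp and mailnull) have seven colon-separated fields, while the context lines in the same hunk (games, news, man) have ten, with `::0:0:` between the gid and the description. As quoted, the new lines are missing the empty class field and the change and expire fields that master.passwd entries carry; they should read `smmsp:*:25:25::0:0:Sendmail Submission User:` and `mailnull:*:26:26::0:0:Sendmail Default User:` ahead of the home directory and shell, matching their neighbours.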
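An audit sketch for the two cases raised in the message above, added here as an example and not part of the original post, of sendmail or of the majordomo port: it lists the pipe, file and `:include:` targets in an aliases file and picks out file targets still owned by a given uid. The sample aliases text with its names and paths is constructed, and the `/etc/mail/aliases` location and the `daemon` user name in the usage block are assumptions.

```python
import os
import re

# Constructed sample in sendmail aliases syntax; names and paths are made up.
SAMPLE_ALIASES = '''\
# constructed example
postmaster: root
majordomo: "|/usr/local/majordomo/wrapper majordomo"
archive: /var/mail/archive/list.mbox, owner-list
staff: :include:/etc/mail/staff.list,
    "|/usr/local/bin/filter -q"
'''

def alias_targets(text):
    """Return (alias, kind, target) for each pipe, file and include target."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank line or comment
        if line[0] in " \t" and entries:
            entries[-1] += " " + line.strip()     # continuation line
        else:
            entries.append(line.strip())
    found = []
    for entry in entries:
        name, _, rhs = entry.partition(":")
        # Items are comma-separated; a quoted item may contain spaces.
        for item in re.findall(r'"[^"]*"|[^,\s][^,]*', rhs):
            item = item.strip().strip('"').strip()
            if item.startswith("|"):
                found.append((name.strip(), "pipe", item[1:].strip()))
            elif item.startswith(":include:"):
                found.append((name.strip(), "include", item[len(":include:"):]))
            elif item.startswith("/"):
                found.append((name.strip(), "file", item))
    return found

def files_owned_by(text, uid):
    """File targets that exist and are owned by uid (candidates for chown)."""
    hits = []
    for _, kind, target in alias_targets(text):
        if kind == "file" and os.path.exists(target) \
                and os.stat(target).st_uid == uid:
            hits.append(target)
    return hits

if __name__ == "__main__":
    import pwd
    with open("/etc/mail/aliases") as fh:         # assumed aliases location
        aliases = fh.read()
    for row in alias_targets(aliases):
        print(*row)
    print(files_owned_by(aliases, pwd.getpwnam("daemon").pw_uid))
```

The contents of `:include:` files and of `.forward` files are not followed; the pipe entries it prints are the ones whose wrapper permissions need checking against the new user.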