From owner-freebsd-stable Wed Jan 23 8:53:39 2002
Message-ID: <15438.60023.705225.44960@horsey.gshapiro.net>
Date: Wed, 23 Jan 2002 08:53:11 -0800
From: Gregory Neil Shapiro
To: netch@lucky.net
Cc: arch@FreeBSD.ORG, stable@FreeBSD.ORG, anders@fix.no, imp@FreeBSD.ORG
Subject: Re: New sendmail users (was Re: HEADS UP: Apache port change from nobody:nogroup to www:www planned)
In-Reply-To: <20020123131816.GA43706@lucky.net>
References: <29611.1003411145@axl.seasidesoftware.co.za> <15311.1383.814782.672622@horsey.gshapiro.net> <20020123131816.GA43706@lucky.net>

>> +mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin

netch> This breaks majordomo from current port. For secure install,
netch> majordomo wrapper is allowed to be run only for majordomo user and
netch> group, and port installer adds user=daemon to this group. Today I
netch> had to diagnose a host which was updated to 4.5-rc2; addition of
netch> mailnull user broke it because sendmail prefers mailnull to daemon
netch> when running pipes from root-owned aliases and forwards.

netch> The port's maintainer is already notified, but new port revision
netch> can't help for already installed ones.

netch> Another place where this will break some things (and I know it will
netch> really happen for a bunch of my controlled hosts) are direction to
netch> files from root-owned aliases/forwards/includes. Now some of these
netch> files are owned by daemon, and explicit action is required to update
netch> their owner.

netch> I suppose that adding of mailnull user and group should be explicitly
netch> mentioned in src/UPDATING, with advices for both mentioned cases
netch> (majordomo & files).

(Note I've quoted the entire message and CC'ed Warner in case he does want
to add something to UPDATING on both the HEAD and RELENG_4.)

If you still want sendmail to use daemon for the default user, simply add
this to your .mc file:

    define(`confDEF_USER_ID', `daemon')

However, migrating to mailnull will increase system security.
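
Review bot: the added mailnull line (uid and gid 26, home /var/spool/mqueue, shell /sbin/nologin) introduces a new account with nothing telling existing installs what changes. As the reply reports, setups that granted access to daemon (the majordomo wrapper group, daemon-owned delivery files) break once sendmail runs pipes and file deliveries as mailnull. Suggest pairing this with a src/UPDATING entry that names both cases and the confDEF_USER_ID override.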
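
As an added example, not part of the original message or of sendmail: a Python script that finds the entries in an aliases file affected by the default-user change discussed above, listing every pipe target for review and every file target not owned by the new default user. The sample aliases, the paths in them and the function names are constructed for illustration; `:include:` and `.forward` files are not followed.

```python
import os
import pwd
import re

# Constructed sample aliases file (not from the original message).
SAMPLE_ALIASES = '''\
postmaster: root
test-list: "|/usr/local/majordomo/wrapper resend -l test-list test-list-outgoing"
archive: /var/mail/archive/test-list,
    /var/log/list-copy
'''

def parse_aliases(text):
    """Return (alias, target) pairs, joining indented continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    pairs = []
    for line in logical:
        name, sep, rhs = line.partition(":")
        if sep:
            # Split on commas, but keep a double-quoted target in one piece.
            for tok in re.findall(r'\s*("[^"]*"|[^,]+)', rhs):
                tok = tok.strip().strip('"')
                if tok:
                    pairs.append((name.strip(), tok))
    return pairs

def owner_of(path):
    """Owner name of path, or None if the path or its uid cannot be resolved."""
    try:
        return pwd.getpwuid(os.stat(path).st_uid).pw_name
    except (OSError, KeyError):
        return None

def audit(text, default_user="mailnull", owner_of=owner_of):
    """List pipe targets (always) and file targets not owned by default_user."""
    findings = []
    for alias, target in parse_aliases(text):
        if target.startswith("|") and target[1:].split():
            prog = target[1:].split()[0]  # program sendmail would run
            findings.append((alias, "program", prog, owner_of(prog)))
        elif target.startswith("/") and owner_of(target) != default_user:
            findings.append((alias, "file", target, owner_of(target)))
    return findings
```

On a real host, pass the contents of the aliases file to `audit()`; each `program` row is a pipe whose group or permission setup should be checked against the new default user, and each `file` row is a delivery file whose owner needs updating.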