Path: utzoo!attcan!uunet!ncc!lyndon@nexus.ca
From: lyndon@nexus.ca (Lyndon Nerenberg)
Newsgroups: comp.mail.sendmail
Subject: Re: Non-root sendmail?
Message-ID: <10523@ncc.Nexus.CA>
Date: 11 Nov 88 20:25:43 GMT
References: <164@heart-of-gold>
Sender: lyndon@ncc.Nexus.CA
Reply-To: lyndon@nexus.ca (Lyndon Nerenberg)
Organization: Nexus Computing Inc.
Lines: 22
In-reply-to: jc@heart-of-gold (John M Chambers)

In article <164@heart-of-gold>, jc@heart-of-gold (John M Chambers) writes:
>Is there a way to run sendmail under a non-root id?
>
>Maybe I should clarify. The obvious answer is "yes", since /etc/rc can
>always do something like
>	su mail /usr/lib/sendmail -bd -q1h
>This is not a good enough answer, however, because, while I can indeed do
>this on our Suns, the resulting process dies rather soon, resulting in no
>sendmail daemon running at all. Why it dies, I don't understand.

When sendmail runs as the SMTP listener it must bind itself to a
privileged port. This requires it run as the superuser.

You might consider writing a separate process to deal with the
SMTP socket that hands off incoming messages to sendmail, which
could (probably) run setgid and not setuid. I say probably because
sendmail was written to run as the superuser, and would require
some hacking to function in a setgid environment.

The fact of the matter is sendmail needs a complete re-write.

--lyndon